- marked as enhancement
[Linux] Add support for nft
Issue #85
closed
I know I might be a bit early here, but we at ungleich.ch have researched nftables a bit, and it looks like it is the more usable iptables.
It also looks like it would work nicely independently of the existing ruleset, as sshguard could create its own chain with an input hook and thus easily filter packets.
I.e.
    table inet filter {
        chain input {
            type filter hook input priority 0; policy accept;
            # Drop rules go in here
        }
    }
The commands are:
    nft add table inet filter
    nft add chain inet filter sshguard { type filter hook input priority 0\; policy accept\; }
    # Dropping traffic (IPv4 addresses match with "ip saddr", IPv6 addresses with "ip6 saddr")
    nft add rule inet filter sshguard ip saddr 127.0.0.4 drop
    nft add rule inet filter sshguard ip6 saddr ::4 drop
It would be great if you can add an nft backend, because mixing nft and iptables is a bit messy.
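The sketch above adds one rule per blocked address. An added example of how such a backend could be driven from a shell script (this is not sshguard's own code, and the table name "sshguard", the set names "attackers4"/"attackers6" and the chain name "blacklist" are assumptions made here): it keeps blocked addresses in two nftables named sets with a per-element timeout, so the ruleset stays at two rules regardless of how many attackers are blocked, entries expire on their own, and the IPv4/IPv6 family is picked per address, which is the detail that is easy to get wrong when writing "ip saddr" rules by hand. `nft` must be run as root; set `NFT=echo` to print the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not sshguard's code: a minimal nft backend that stores blocked
# attackers in timed sets. Table/set/chain names are assumptions of this example.
# NFT defaults to the nft binary; NFT=echo dry-runs and prints the commands.

NFT="${NFT:-nft}"
TABLE="${TABLE:-sshguard}"

# Pick the set by address family: an IPv6 literal always contains a colon,
# an IPv4 literal never does.
sshguard_set_for() {
    case "$1" in
        *:*) printf 'attackers6' ;;
        *)   printf 'attackers4' ;;
    esac
}

# Create the table, one set per family (with element timeouts enabled) and a
# single input-hook chain that drops any packet whose source is in a set.
# nft joins its argv with spaces, so a quoted block is one valid argument.
sshguard_setup() {
    "$NFT" add table inet "$TABLE"
    "$NFT" add set inet "$TABLE" attackers4 '{ type ipv4_addr; flags timeout; }'
    "$NFT" add set inet "$TABLE" attackers6 '{ type ipv6_addr; flags timeout; }'
    "$NFT" add chain inet "$TABLE" blacklist '{ type filter hook input priority 0; policy accept; }'
    "$NFT" add rule inet "$TABLE" blacklist ip saddr @attackers4 drop
    "$NFT" add rule inet "$TABLE" blacklist ip6 saddr @attackers6 drop
}

# Block ADDR for SECS seconds (default 600); the kernel removes the element
# when the timeout expires, so no unblock bookkeeping is needed.
sshguard_block() {
    addr=$1
    secs=${2:-600}
    "$NFT" add element inet "$TABLE" "$(sshguard_set_for "$addr")" "{ $addr timeout ${secs}s }"
}

# Release ADDR early (e.g. on a whitelist change).
sshguard_release() {
    addr=$1
    "$NFT" delete element inet "$TABLE" "$(sshguard_set_for "$addr")" "{ $addr }"
}

# Drop every blocked address but keep table, sets and chain in place.
sshguard_flush() {
    "$NFT" flush set inet "$TABLE" attackers4
    "$NFT" flush set inet "$TABLE" attackers6
}

# Usage: sh nft-backend.sh setup | block ADDR [SECS] | release ADDR | flush
case "${1:-}" in
    setup)   sshguard_setup ;;
    block)   sshguard_block "$2" "${3:-600}" ;;
    release) sshguard_release "$2" ;;
    flush)   sshguard_flush ;;
esac
```

Because the sets are keyed by address, blocking the same attacker twice is a no-op rather than a duplicate rule, and `nft list set inet sshguard attackers4` shows the remaining timeout of every entry, which makes the current block state easy to audit.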
Comments (2)
- changed status to closed
SSHGuard already has nft support.
nftables support was added in v2.1.