[Linux] Add support for nft

Issue #85 closed
Former user created an issue

I know I might be a bit early here, but we at ungleich.ch researched nftables a bit and it looks like it is the more usable iptables.

It also looks like it would nicely work independently of the existing ruleset, as sshguard could create a chain on its own + input hook and thus easily filter packets.

I.e.

    table inet filter {
        chain input {
            type filter hook input priority 0; policy accept;

            # Drop rules go in here
        }
    }

The commands are:

    # Create a dedicated table and a chain attached to the input hook
    nft add table inet filter
    nft add chain inet filter sshguard { type filter hook input priority 0\; policy accept\; }

    # Dropping traffic (the address family must match the address: "ip" for IPv4, "ip6" for IPv6)
    nft add rule inet filter sshguard ip saddr 127.0.0.4 drop
    nft add rule inet filter sshguard ip6 saddr ::4 drop

It would be great if you could add an nft backend, because mixing nft and iptables is a bit messy.
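The approach described in the issue (a dedicated table and input-hook chain, then one drop rule per attacking address), as an added example that is not sshguard's code and was not part of the original post. It builds an nft ruleset as text so it can be fed to `nft -f -` in one transaction, and it picks the matcher by address family, since `ip saddr` only accepts IPv4 and `ip6 saddr` only IPv6 (an IPv6 address under `ip saddr` is rejected by nft). The table name `sshguard`, the chain name `input` and the sample addresses are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not sshguard's own code. Emits an nft ruleset that gives the
# blocker its own table and input-hook chain, independent of any existing
# iptables or nft rules. Table/chain names are assumptions for the example.

TABLE="sshguard"
CHAIN="input"

# One-time setup: a table in the "inet" family (covers IPv4 and IPv6) and a
# base chain on the input hook. "add" is idempotent for table and chain, so
# re-running the setup does not fail or duplicate them.
nft_setup() {
    printf 'add table inet %s\n' "$TABLE"
    printf 'add chain inet %s %s { type filter hook input priority 0; policy accept; }\n' \
        "$TABLE" "$CHAIN"
}

# One drop rule for one address. The matcher must match the address family:
# an address containing ':' is IPv6 and needs "ip6 saddr", anything else is
# treated as IPv4 and uses "ip saddr". Note: "add rule" appends every time it
# is applied, so callers must avoid re-adding an address already blocked.
nft_block_rule() {
    addr="$1"
    case "$addr" in
        *:*) printf 'add rule inet %s %s ip6 saddr %s drop\n' "$TABLE" "$CHAIN" "$addr" ;;
        *)   printf 'add rule inet %s %s ip saddr %s drop\n'  "$TABLE" "$CHAIN" "$addr" ;;
    esac
}

# Complete ruleset for a list of addresses: setup followed by one rule each.
nft_ruleset() {
    nft_setup
    for a in "$@"; do
        nft_block_rule "$a"
    done
}

# Usage (needs root and the nft binary); the addresses are constructed samples:
#   nft_ruleset 192.0.2.10 2001:db8::4 | nft -f -
```

Feeding the text to `nft -f -` applies all lines atomically, so a syntax error in any rule leaves the kernel ruleset untouched, which is safer than issuing `nft add rule` one at a time from a daemon. Releasing an address later means finding the rule handle with `nft -a list chain inet sshguard input` and deleting by handle; for a blocker that expires entries on its own, a named set with `flags timeout` and a single `ip saddr @set drop` rule is the more natural nft shape than one rule per address.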

Comments (2)