With iptables I can change, for example, the INPUT policy to drop with iptables -P INPUT DROP. Is there any option to do the same with nft?

Editing /etc/nftables.conf would work of course, but that is not what I want.
Tags: firewall, nftables
Best Answer
Yes, you can redefine an already existing base chain's policy without changing its content. There's no separate keyword for this, it's still add.

Complete example in a namespace:

test.nft:

setup:

alteration:

The policy was changed, without altering the rules. Using here nft 0.9.5 and kernel 5.7.x. Depending on version, behaviour might differ.

There's a kernel commit from 2015 allowing one to do only this:

Before this (around kernel 4.1), one had to provide again the base chain definition (which can't be changed, by the way):
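As an added example (mine, not code from the answer above), the same policy change done in a throwaway network namespace, with a check that the chain's rules survived. The table, chain and namespace names and the sample listing are constructed for the demo; running the apply step needs root.

```shell
#!/bin/sh
# Added example, not from the original answer: change a base chain's policy
# in place with `nft add chain` and confirm its rules survived. Assumes
# nft >= 0.9 on a kernel accepting a policy-only redefinition (the answer
# reports 0.9.5 / 5.7.x). Names are constructed; the apply step needs root.
TABLE="inet filter"   # family + table name
CHAIN="input"
NS="nftpol-demo"      # throwaway namespace, host ruleset untouched
# Policy-only form: type/hook/priority are omitted, they cannot be changed
# on an existing base chain anyway. (Around kernel 4.1 the whole matching
# base chain definition had to be restated alongside the new policy.)
policy_cmd() {        # $1 table, $2 chain, $3 accept|drop
    printf 'add chain %s %s { policy %s; }' "$1" "$2" "$3"
}
# Policy keyword from `nft list chain` output passed in $1.
chain_policy() {
    printf '%s\n' "$1" | sed -n 's/.*policy \([a-z]*\);.*/\1/p' | head -n 1
}
# Rule lines in `nft list chain` output: everything except the table/chain
# headers, the type/hook/policy line and closing braces.
rule_count() {
    printf '%s\n' "$1" | grep -vcE '^[[:space:]]*(table |chain |type |\}|$)'
}
# Constructed sample of `nft list chain inet filter input` after the change:
# policy drop, both rules still present.
SAMPLE_LISTING='table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iif "lo" accept
    }
}'
demo() {    # root only: build the chain, flip the policy, compare listings
    ip netns add "$NS" || return 1
    trap 'ip netns del "$NS"' EXIT
    n() { ip netns exec "$NS" nft "$@"; }
    n add table $TABLE
    n add chain $TABLE $CHAIN '{ type filter hook input priority 0; policy accept; }'
    n add rule $TABLE $CHAIN ct state established,related accept
    n add rule $TABLE $CHAIN iif lo accept
    before=$(n list chain $TABLE $CHAIN)
    n "$(policy_cmd "$TABLE" "$CHAIN" drop)"
    after=$(n list chain $TABLE $CHAIN)
    echo "policy: $(chain_policy "$before") -> $(chain_policy "$after")"
    [ "$(rule_count "$before")" = "$(rule_count "$after")" ] && echo "rules intact"
}
if [ "${RUN_DEMO:-0}" = 1 ]; then demo; fi
```

Run with RUN_DEMO=1 as root to apply it; without that variable the script only defines the helpers.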