I'm beginning to plan the transition from iptables-nft to native
nftables. I plan to have a shell script that builds a set of "define"
statements and concatenates them with the actual nft script that uses them.
Question 1:
What is the difference between "meta l4proto tcp tcp dport 22" and just
"tcp dport 22"? I've seen examples of both, and both seem to work.
Question 2:
Is there a way to specify conditional inclusion of rules in a file
loaded with "nft -f"?
I.e., something like:
define AllowSsh = 1 # or 0
...
if AllowSsh
meta l4proto tcp tcp dport 22 accept
else
meta l4proto tcp tcp dport 22 drop
endif
?
Thanks,
Jesper
--
Jesper Dybdal
https://www.dybdal.dk
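The shell-side generation the post describes, shown as an added example (not code from the original message): the allow/drop decision is made by the shell when it builds the script, since nft itself has no if/else. The function names, the `allow_ssh`/`ssh_port` defines and the table and chain names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: build the "define" block from shell variables, then
# concatenate it with a static ruleset so the result can be fed to "nft -f".
# Names (emit_defines, emit_ssh_rule, emit_ruleset, ssh_port, allow_ssh,
# table inet filter) are assumed for this illustration.

# Emit the define block: shell arguments become nft "define" statements.
emit_defines() {
    # $1 = SSH port, $2 = 1 to allow SSH, 0 to drop it
    printf 'define ssh_port = %s\n' "$1"
    printf 'define allow_ssh = %s\n' "$2"
}

# Emit the SSH rule: the branch is chosen here, in the shell, because the
# nft script language has no conditional statement.
emit_ssh_rule() {
    # $1 = 1 to allow, anything else drops
    if [ "$1" = "1" ]; then
        printf '        tcp dport $ssh_port accept\n'
    else
        printf '        tcp dport $ssh_port drop\n'
    fi
}

# Concatenate the defines and the ruleset into one script for "nft -f".
# The quoted heredoc delimiter keeps $ssh_port as an nft variable reference.
emit_ruleset() {
    emit_defines "$1" "$2"
    cat <<'EOF'
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif lo accept
EOF
    emit_ssh_rule "$2"
    cat <<'EOF'
    }
}
EOF
}

# Usage: emit_ruleset 22 1 > /tmp/ruleset.nft && nft -c -f /tmp/ruleset.nft
```

Running the generated file through `nft -c -f` (check only) before `nft -f` catches syntax errors without touching the live ruleset.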