<!doctype html>
<html lang="en" class="no-js">
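<head>
<!-- Page generated by mkdocs-material (see the generator meta below); prefer fixing
     the site configuration over hand-editing this file. -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Aux Documentation">
<meta name="author" content="Nixpkgs Aux, and Lix Contributors">
<link rel="canonical" href="https://docs.auxolotl.org/NixOS/networking/nftables/">
<link rel="prev" href="../networkmanager/">
<link rel="next" href="../openconnect/">
<link rel="icon" href="../../../assets/aux-logo.svg">
<meta name="generator" content="mkdocs-1.6.0, mkdocs-material-9.5.29">
<title>Nftables - Aux Docs</title>
<link rel="stylesheet" href="../../../assets/stylesheets/main.76a95c52.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/palette.06af60db.min.css">
<!-- Preconnect to the origin the font stylesheet below is actually fetched from.
     The generated markup pointed this hint at fonts.gstatic.com, which nothing on
     this page loads from: a wasted early connection, and one to a third party the
     page otherwise never contacts. crossorigin stays because font files are
     fetched in CORS mode, so the warmed connection must match that mode. -->
<link rel="preconnect" href="https://fonts.bunny.net" crossorigin>
<!-- Cross-origin stylesheet loaded without an integrity attribute (SRI is not
     practical for UA-dependent font CSS): every page load trusts fonts.bunny.net
     for CSS. Self-hosting the fonts removes that dependency entirely. -->
<link rel="stylesheet" href="https://fonts.bunny.net/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i%7CIBM+Plex+Mono:400,400i,700,700i&display=fallback">
<!-- The inline style and script blocks below need 'unsafe-inline' or per-page
     hashes in any Content-Security-Policy applied to this site. -->
<style>:root{--md-text-font:"IBM Plex Sans";--md-code-font:"IBM Plex Mono"}</style>
<!-- Theme bootstrap: __md_scope (site root URL), __md_hash (string hash) and the
     __md_get/__md_set helpers, which read and write localStorage entries keyed by
     the site path prefix. Presumably inline so it runs before the body is parsed. -->
<script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
<meta property="og:type" content="website" >
<meta property="og:title" content="Nftables - Aux Docs" >
<meta property="og:description" content="Aux Documentation" >
<meta property="og:image" content="https://docs.auxolotl.org/assets/images/social/NixOS/networking/nftables.png" >
<meta property="og:image:type" content="image/png" >
<meta property="og:image:width" content="1200" >
<meta property="og:image:height" content="630" >
<meta property="og:url" content="https://docs.auxolotl.org/NixOS/networking/nftables/" >
<meta name="twitter:card" content="summary_large_image" >
<meta name="twitter:title" content="Nftables - Aux Docs" >
<meta name="twitter:description" content="Aux Documentation" >
<meta name="twitter:image" content="https://docs.auxolotl.org/assets/images/social/NixOS/networking/nftables.png" >
</head>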
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="blue">
<!-- Hidden checkboxes that the drawer/search labels elsewhere on the page point at;
     presumably the theme CSS keys off their checked state — verify against main.css. -->
<input class="md-toggle" id="__drawer" data-md-toggle="drawer" type="checkbox" autocomplete="off">
<input class="md-toggle" id="__search" data-md-toggle="search" type="checkbox" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<!-- Skip link: jumps straight to the first option heading of this page. -->
<div data-md-component="skip">
  <a class="md-skip" href="#networkingnftablescheckruleset">
    Skip to content
  </a>
</div>
<!-- Announcement bar placeholder; empty on this page. -->
<div data-md-component="announce">
</div>
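<header class="md-header" data-md-component="header">
<!-- Site header: logo link, drawer toggle, page title, colour palette switcher,
     search dialog and repository link. -->
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../../.." title="Aux Docs" class="md-header__button md-logo" aria-label="Aux Docs" data-md-component="logo">
<!-- The link already carries its accessible name via aria-label, so the image is
     decorative here; the previous alt="logo" was a non-descriptive alt. -->
<img src="../../../assets/aux-logo.svg" alt="">
</a>
<!-- NOTE(review): icon-only control with no text content, so assistive technology
     has no name to announce for it. -->
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Aux Docs
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Nftables
</span>
</div>
</div>
</div>
<!-- Palette switcher: two radio inputs, each paired with the other's (hidden) label. -->
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="blue" aria-label="Dark Mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Dark Mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3 3.19.09m3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95 2.06.05m-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31Z"/></svg>
</label>
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="blue" aria-label="Light Mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Light Mode" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5c-.84 0-1.65.15-2.39.42L12 2M3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29L3.34 7m.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14L3.36 17M20.65 7l-1.77 3.79a7.023 7.023 0 0 0-2.38-4.15l4.15.36m-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29L20.64 17M12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44L12 22Z"/></svg>
</label>
</form>
<!-- Re-applies a palette saved by an earlier visit: reads it with
     __md_get("__palette"), resolves a "(prefers-color-scheme)" choice against the
     current media query, then copies each colour key onto the data-md-color-*
     attributes of the body element. Inline, so it needs a CSP allowance. -->
<script>var media,input,key,value,palette=__md_get("__palette");if(palette&&palette.color){"(prefers-color-scheme)"===palette.color.media&&(media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']"),palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent"));for([key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
</label>
<!-- A dialog role requires an accessible name; the generated markup had none. -->
<div class="md-search" data-md-component="search" role="dialog" aria-label="Search">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://git.auxolotl.org/auxolotl/docs" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M16.777 0a2.9 2.9 0 1 1-2.529 4.322H12.91a4.266 4.266 0 0 0-4.265 4.195v2.118a7.076 7.076 0 0 1 4.147-1.42l.118-.002h1.338a2.9 2.9 0 0 1 5.43 1.422 2.9 2.9 0 0 1-5.43 1.422H12.91a4.266 4.266 0 0 0-4.265 4.195v2.319A2.9 2.9 0 0 1 7.222 24 2.9 2.9 0 0 1 5.8 18.57V8.589a7.109 7.109 0 0 1 6.991-7.108l.118-.001h1.338A2.9 2.9 0 0 1 16.778 0ZM7.223 19.905a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Zm9.554-10.464a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.39Zm0-7.735a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Z"/></svg>
</div>
<div class="md-source__repository">
auxolotl/docs
</div>
</a>
</div>
</nav>
</header>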
<div class="md-container" data-md-component="container">
<!-- Top-level section tabs; the NixOS tab is the active one on this page. -->
<nav class="md-tabs" data-md-component="tabs" aria-label="Tabs">
  <div class="md-grid">
    <ul class="md-tabs__list">
      <li class="md-tabs__item">
        <a class="md-tabs__link" href="../../..">
          Aux Documentation Hub
        </a>
      </li>
      <li class="md-tabs__item">
        <a class="md-tabs__link" href="../../../TODO/">
          TODO
        </a>
      </li>
      <li class="md-tabs__item">
        <a class="md-tabs__link" href="../../../Aux/">
          Aux
        </a>
      </li>
      <li class="md-tabs__item">
        <a class="md-tabs__link" href="../../../Lix/">
          Lix
        </a>
      </li>
      <li class="md-tabs__item md-tabs__item--active">
        <a class="md-tabs__link" href="../../appstream/">
          NixOS
        </a>
      </li>
      <li class="md-tabs__item">
        <a class="md-tabs__link" href="../../../Nixpkgs/">
          Nixpkgs
        </a>
      </li>
    </ul>
  </div>
</nav>
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../../.." title="Aux Docs" class="md-nav__button md-logo" aria-label="Aux Docs" data-md-component="logo">
<img src="../../../assets/aux-logo.svg" alt="logo">
</a>
Aux Docs
</label>
<div class="md-nav__source">
<a href="https://git.auxolotl.org/auxolotl/docs" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M16.777 0a2.9 2.9 0 1 1-2.529 4.322H12.91a4.266 4.266 0 0 0-4.265 4.195v2.118a7.076 7.076 0 0 1 4.147-1.42l.118-.002h1.338a2.9 2.9 0 0 1 5.43 1.422 2.9 2.9 0 0 1-5.43 1.422H12.91a4.266 4.266 0 0 0-4.265 4.195v2.319A2.9 2.9 0 0 1 7.222 24 2.9 2.9 0 0 1 5.8 18.57V8.589a7.109 7.109 0 0 1 6.991-7.108l.118-.001h1.338A2.9 2.9 0 0 1 16.778 0ZM7.223 19.905a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Zm9.554-10.464a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.39Zm0-7.735a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Z"/></svg>
</div>
<div class="md-source__repository">
auxolotl/docs
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../.." class="md-nav__link">
<span class="md-ellipsis">
Aux Documentation Hub
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../TODO/" class="md-nav__link">
<span class="md-ellipsis">
TODO
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../../Aux/" class="md-nav__link">
<span class="md-ellipsis">
Aux
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../../Lix/" class="md-nav__link">
<span class="md-ellipsis">
Lix
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" checked>
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="">
<span class="md-ellipsis">
NixOS
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
NixOS
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../appstream/" class="md-nav__link">
<span class="md-ellipsis">
Appstream
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../console/" class="md-nav__link">
<span class="md-ellipsis">
Console
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../containers/" class="md-nav__link">
<span class="md-ellipsis">
Containers
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../documentation/" class="md-nav__link">
<span class="md-ellipsis">
Documentation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../dysnomia/" class="md-nav__link">
<span class="md-ellipsis">
Dysnomia
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../ec2/" class="md-nav__link">
<span class="md-ellipsis">
Ec2
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../environment/" class="md-nav__link">
<span class="md-ellipsis">
Environment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../fileSystems/" class="md-nav__link">
<span class="md-ellipsis">
fileSystems
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../fonts/" class="md-nav__link">
<span class="md-ellipsis">
Fonts
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../gtk/" class="md-nav__link">
<span class="md-ellipsis">
Gtk
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../hardware/" class="md-nav__link">
<span class="md-ellipsis">
Hardware
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../i18n/" class="md-nav__link">
<span class="md-ellipsis">
I18n
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../image/" class="md-nav__link">
<span class="md-ellipsis">
Image
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../lib/" class="md-nav__link">
<span class="md-ellipsis">
Lib
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../location/" class="md-nav__link">
<span class="md-ellipsis">
Location
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../nix/" class="md-nav__link">
<span class="md-ellipsis">
Nix
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../nixops/" class="md-nav__link">
<span class="md-ellipsis">
Nixops
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../nixpkgs/" class="md-nav__link">
<span class="md-ellipsis">
Nixpkgs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../oci/" class="md-nav__link">
<span class="md-ellipsis">
Oci
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../openstack/" class="md-nav__link">
<span class="md-ellipsis">
Openstack
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../power/" class="md-nav__link">
<span class="md-ellipsis">
Power
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../powerManagement/" class="md-nav__link">
<span class="md-ellipsis">
powerManagement
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../qt/" class="md-nav__link">
<span class="md-ellipsis">
Qt
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../specialisation/" class="md-nav__link">
<span class="md-ellipsis">
Specialisation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../swapDevices/" class="md-nav__link">
<span class="md-ellipsis">
swapDevices
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../system/" class="md-nav__link">
<span class="md-ellipsis">
System
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../time/" class="md-nav__link">
<span class="md-ellipsis">
Time
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../xdg/" class="md-nav__link">
<span class="md-ellipsis">
Xdg
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../zramSwap/" class="md-nav__link">
<span class="md-ellipsis">
zramSwap
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../boot/" class="md-nav__link">
<span class="md-ellipsis">
Boot
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_31" checked>
<div class="md-nav__link md-nav__container">
<a href="../" class="md-nav__link ">
<span class="md-ellipsis">
Networking
</span>
</a>
<label class="md-nav__link " for="__nav_5_31" id="__nav_5_31_label" tabindex="0">
<span class="md-nav__icon md-icon"></span>
</label>
</div>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_31_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_5_31">
<span class="md-nav__icon md-icon"></span>
Networking
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../bonds/" class="md-nav__link">
<span class="md-ellipsis">
Bonds
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../bridges/" class="md-nav__link">
<span class="md-ellipsis">
Bridges
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../defaultGateway/" class="md-nav__link">
<span class="md-ellipsis">
defaultGateway
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../defaultGateway6/" class="md-nav__link">
<span class="md-ellipsis">
defaultGateway6
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../dhcpcd/" class="md-nav__link">
<span class="md-ellipsis">
Dhcpcd
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../firewall/" class="md-nav__link">
<span class="md-ellipsis">
Firewall
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../fooOverUDP/" class="md-nav__link">
<span class="md-ellipsis">
fooOverUDP
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../greTunnels/" class="md-nav__link">
<span class="md-ellipsis">
greTunnels
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../interfaces/" class="md-nav__link">
<span class="md-ellipsis">
Interfaces
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../iproute2/" class="md-nav__link">
<span class="md-ellipsis">
Iproute2
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../jool/" class="md-nav__link">
<span class="md-ellipsis">
Jool
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../macvlans/" class="md-nav__link">
<span class="md-ellipsis">
Macvlans
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../nat/" class="md-nav__link">
<span class="md-ellipsis">
Nat
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../networkmanager/" class="md-nav__link">
<span class="md-ellipsis">
Networkmanager
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Nftables
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Nftables
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#networkingnftablescheckruleset" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.checkRuleset
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.checkRuleset">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#networkingnftablescheckrulesetredirects" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.checkRulesetRedirects
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.checkRulesetRedirects">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_1" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#networkingnftablesenable" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.enable
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.enable">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_2" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#networkingnftablesextradeletions" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.extraDeletions
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.extraDeletions">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_3" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#networkingnftablesflattenrulesetfile" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.flattenRulesetFile
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.flattenRulesetFile">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_4" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#networkingnftablesflushruleset" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.flushRuleset
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.flushRuleset">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_5" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_1" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#networkingnftablesprecheckruleset" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.preCheckRuleset
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.preCheckRuleset">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_6" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_2" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#networkingnftablesruleset" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.ruleset
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.ruleset">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_7" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_3" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#networkingnftablesrulesetfile" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.rulesetFile
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.rulesetFile">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_8" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#networkingnftablestables" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.tables
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.tables">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_9" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_4" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#networkingnftablestablesnamecontent" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.tables.&lt;name&gt;.content
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#networkingnftablestablesnameenable" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.tables.&lt;name&gt;.enable
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.tables.<name>.enable">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_10" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#networkingnftablestablesnamefamily" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.tables.&lt;name&gt;.family
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#networkingnftablestablesnamename" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.tables.&lt;name&gt;.name
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../openconnect/" class="md-nav__link">
<span class="md-ellipsis">
Openconnect
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../proxy/" class="md-nav__link">
<span class="md-ellipsis">
Proxy
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../resolvconf/" class="md-nav__link">
<span class="md-ellipsis">
Resolvconf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../rxe/" class="md-nav__link">
<span class="md-ellipsis">
Rxe
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../sits/" class="md-nav__link">
<span class="md-ellipsis">
Sits
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../stevenblack/" class="md-nav__link">
<span class="md-ellipsis">
Stevenblack
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../supplicant/" class="md-nav__link">
<span class="md-ellipsis">
Supplicant
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../tcpcrypt/" class="md-nav__link">
<span class="md-ellipsis">
Tcpcrypt
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ucarp/" class="md-nav__link">
<span class="md-ellipsis">
Ucarp
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../vlans/" class="md-nav__link">
<span class="md-ellipsis">
Vlans
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../vswitches/" class="md-nav__link">
<span class="md-ellipsis">
Vswitches
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../wg-quick/" class="md-nav__link">
<span class="md-ellipsis">
Wg quick
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../wireguard/" class="md-nav__link">
<span class="md-ellipsis">
Wireguard
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../wireless/" class="md-nav__link">
<span class="md-ellipsis">
Wireless
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../wlanInterfaces/" class="md-nav__link">
<span class="md-ellipsis">
wlanInterfaces
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../programs/_1password-gui/" class="md-nav__link">
<span class="md-ellipsis">
Programs
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../security/" class="md-nav__link">
<span class="md-ellipsis">
Security
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../services/" class="md-nav__link">
<span class="md-ellipsis">
Services
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../systemd/" class="md-nav__link">
<span class="md-ellipsis">
Systemd
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../users/" class="md-nav__link">
<span class="md-ellipsis">
Users
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../virtualisation/" class="md-nav__link">
<span class="md-ellipsis">
Virtualisation
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../../Nixpkgs/" class="md-nav__link">
<span class="md-ellipsis">
Nixpkgs
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#networkingnftablescheckruleset" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.checkRuleset
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.checkRuleset">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#networkingnftablescheckrulesetredirects" class="md-nav__link">
<span class="md-ellipsis">
networking.nftables.checkRulesetRedirects
</span>
</a>
<nav class="md-nav" aria-label="networking.nftables.checkRulesetRedirects">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_1" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1>Nftables</h1>
<h2 id="networkingnftablescheckruleset" networking-nftables-checkRuleset="networking-nftables-checkRuleset"><code>networking.nftables.checkRuleset</code></h2>
<p>Run <code>nft check</code> on the ruleset at build time to catch syntax errors early.
Because the check runs in the build sandbox, it may fail if the ruleset depends on
environmental state or on paths outside the Nix store.
To work around this, the ruleset file can be edited with the <code>networking.nftables.preCheckRuleset</code>
option so that it checks cleanly inside the sandbox.</p>
<p><strong>Type:</strong> <code>boolean</code></p>
<h3 id="default" networking-nftables-checkRuleset-default="networking-nftables-checkRuleset-default">Default</h3>
<p><code class="highlight"><span class="no">true</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablescheckrulesetredirects" networking-nftables-checkRulesetRedirects="networking-nftables-checkRulesetRedirects"><code>networking.nftables.checkRulesetRedirects</code></h2>
<p>Set of paths that should be intercepted and rewritten while checking the ruleset
using <code>pkgs.buildPackages.libredirect</code>.</p>
<p><strong>Type:</strong> <code>attribute set of path</code></p>
<h3 id="default_1" networking-nftables-checkRulesetRedirects-default="networking-nftables-checkRulesetRedirects-default">Default</h3>
<p><code class="highlight"><span class="p">{</span><span class="s2">&quot;/etc/hosts&quot;</span> <span class="o">=</span> config<span class="o">.</span>environment<span class="o">.</span>etc<span class="o">.</span>hosts<span class="o">.</span>source<span class="p">;</span><span class="s2">&quot;/etc/protocols&quot;</span> <span class="o">=</span> config<span class="o">.</span>environment<span class="o">.</span>etc<span class="o">.</span>protocols<span class="o">.</span>source<span class="p">;</span><span class="s2">&quot;/etc/services&quot;</span> <span class="o">=</span> config<span class="o">.</span>environment<span class="o">.</span>etc<span class="o">.</span>services<span class="o">.</span>source<span class="p">;</span><span class="p">}</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablesenable" networking-nftables-enable="networking-nftables-enable"><code>networking.nftables.enable</code></h2>
<p>Whether to enable nftables, and to use an nftables-based firewall if the firewall is enabled.
nftables is a Linux packet-filtering framework intended to
replace frameworks such as iptables.</p>
<p>Note that if you have Docker enabled you will not be able to use
nftables without manual intervention. Docker uses iptables internally to
set up NAT for containers. This module disables the ip_tables kernel
module; Docker, however, loads that module automatically. Please see
<a href="https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273">https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273</a>
for more information.</p>
<p>There are other programs that use iptables internally too, such as
libvirt. For information on how the two firewalls interact, see
<a href="https://wiki.nftables.org/wiki-nftables/index.php/Troubleshooting#Question_4._How_do_nftables_and_iptables_interact_when_used_on_the_same_system.3F">https://wiki.nftables.org/wiki-nftables/index.php/Troubleshooting#Question_4._How_do_nftables_and_iptables_interact_when_used_on_the_same_system.3F</a>.</p>
<p><strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_2" networking-nftables-enable-default="networking-nftables-enable-default">Default</h3>
<p><code class="highlight"><span class="no">false</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablesextradeletions" networking-nftables-extraDeletions="networking-nftables-extraDeletions"><code>networking.nftables.extraDeletions</code></h2>
<p>Extra deletion commands to run on every firewall start and reload,
and after the firewall is stopped.</p>
<p><strong>Type:</strong> <code>strings concatenated with "\n"</code></p>
<h3 id="default_3" networking-nftables-extraDeletions-default="networking-nftables-extraDeletions-default">Default</h3>
<p><code class="highlight"><span class="s2">&quot;&quot;</span></code></p>
<h3 id="example" networking-nftables-extraDeletions-example="networking-nftables-extraDeletions-example">Example</h3>
<div class="highlight"><pre><span></span><code>''
# this makes deleting a non-existing table a no-op instead of an error
table inet some-table;

delete table inet some-table;
''</code></pre></div>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablesflattenrulesetfile" networking-nftables-flattenRulesetFile="networking-nftables-flattenRulesetFile"><code>networking.nftables.flattenRulesetFile</code></h2>
<p>Use <code>builtins.readFile</code> rather than <code>include</code> to handle <code>networking.nftables.rulesetFile</code>. This is useful when you want to apply <code>networking.nftables.preCheckRuleset</code> to <code>networking.nftables.rulesetFile</code>.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>It is expected that <code>networking.nftables.rulesetFile</code> can be accessed from the build sandbox.</p>
</div>
<p><strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_4" networking-nftables-flattenRulesetFile-default="networking-nftables-flattenRulesetFile-default">Default</h3>
<p><code class="highlight"><span class="no">false</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablesflushruleset" networking-nftables-flushRuleset="networking-nftables-flushRuleset"><code>networking.nftables.flushRuleset</code></h2>
<p>Whether to flush the entire ruleset on each reload.</p>
<p><strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_5" networking-nftables-flushRuleset-default="networking-nftables-flushRuleset-default">Default</h3>
<p><code class="highlight"><span class="no">false</span></code></p>
<h3 id="example_1" networking-nftables-flushRuleset-example="networking-nftables-flushRuleset-example">Example</h3>
<p><code class="highlight"><span class="no">true</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablesprecheckruleset" networking-nftables-preCheckRuleset="networking-nftables-preCheckRuleset"><code>networking.nftables.preCheckRuleset</code></h2>
<p>This script is run before the ruleset is checked. It can be used to
create additional files the ruleset check needs, or to modify
the ruleset for cases the build environment cannot cover.</p>
<p><strong>Type:</strong> <code>strings concatenated with "\n"</code></p>
<h3 id="default_6" networking-nftables-preCheckRuleset-default="networking-nftables-preCheckRuleset-default">Default</h3>
<p><code class="highlight"><span class="s2">&quot;&quot;</span></code></p>
<h3 id="example_2" networking-nftables-preCheckRuleset-example="networking-nftables-preCheckRuleset-example">Example</h3>
<p><code class="highlight">sed <span class="err">&#39;</span><span class="l">s/skgid</span> <span class="l">meadow/skgid</span> <span class="l">nogroup/g</span><span class="err">&#39;</span> <span class="o">-</span>i ruleset<span class="o">.</span>conf</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablesruleset" networking-nftables-ruleset="networking-nftables-ruleset"><code>networking.nftables.ruleset</code></h2>
<p>The ruleset to be used with nftables. Should be in a format that
can be loaded using "/bin/nft -f". The ruleset is updated atomically.
Note that if the tables should be cleaned up first, one of the following is needed:</p>
<ul>
<li><code>networking.nftables.flushRuleset = true;</code> needs to be set (flushes all tables)</li>
<li><code>networking.nftables.extraDeletions</code> needs to be set</li>
<li>or <code>networking.nftables.tables</code> can be used, which cleans up the table automatically</li>
</ul>
<p><strong>Type:</strong> <code>strings concatenated with "\n"</code></p>
<h3 id="default_7" networking-nftables-ruleset-default="networking-nftables-ruleset-default">Default</h3>
<p><code class="highlight"><span class="s2">&quot;&quot;</span></code></p>
<h3 id="example_3" networking-nftables-ruleset-example="networking-nftables-ruleset-example">Example</h3>
<div class="highlight"><pre><span></span><code>''
# Check out https://wiki.nftables.org/ for better documentation.
# Table for both IPv4 and IPv6.
table inet filter {
  # Block all incoming connections traffic except SSH and &quot;ping&quot;.
  chain input {
    type filter hook input priority 0;

    # accept any localhost traffic
    iifname lo accept
    # accept traffic originated from us
    ct state {established, related} accept
    # ICMP
    # routers may also want: mld-listener-query, nd-router-solicit
    ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
    ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
    # allow &quot;ping&quot;
    ip6 nexthdr icmpv6 icmpv6 type echo-request accept
    ip protocol icmp icmp type echo-request accept
    # accept SSH connections (required for a server)
    tcp dport 22 accept
    # count and drop any other traffic
    counter drop
  }
  # Allow all outgoing connections.
  chain output {
    type filter hook output priority 0;
    accept
  }
  chain forward {
    type filter hook forward priority 0;
    accept
  }
}
''</code></pre></div>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablesrulesetfile" networking-nftables-rulesetFile="networking-nftables-rulesetFile"><code>networking.nftables.rulesetFile</code></h2>
<p>The ruleset file to be used with nftables. Should be in a format that
can be loaded using "nft -f". The ruleset is updated atomically.</p>
<p><strong>Type:</strong> <code>null or path</code></p>
<h3 id="default_8" networking-nftables-rulesetFile-default="networking-nftables-rulesetFile-default">Default</h3>
<p><code class="highlight"><span class="no">null</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablestables" networking-nftables-tables="networking-nftables-tables"><code>networking.nftables.tables</code></h2>
<p>Tables to be added to the ruleset.
Each table is emitted together with delete statements that clean up the table before every update.</p>
<p><strong>Type:</strong> <code>attribute set of (submodule)</code></p>
<h3 id="default_9" networking-nftables-tables-default="networking-nftables-tables-default">Default</h3>
<p><code class="highlight"><span class="p">{</span> <span class="p">}</span></code></p>
<h3 id="example_4" networking-nftables-tables-example="networking-nftables-tables-example">Example</h3>
<div class="highlight"><pre><span></span><code>{
  filter = {
    content = ''
      # Check out https://wiki.nftables.org/ for better documentation.
      # Table for both IPv4 and IPv6.
      # Block all incoming connections traffic except SSH and &quot;ping&quot;.
      chain input {
        type filter hook input priority 0;

        # accept any localhost traffic
        iifname lo accept
        # accept traffic originated from us
        ct state {established, related} accept
        # ICMP
        # routers may also want: mld-listener-query, nd-router-solicit
        ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
        ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
        # allow &quot;ping&quot;
        ip6 nexthdr icmpv6 icmpv6 type echo-request accept
        ip protocol icmp icmp type echo-request accept
        # accept SSH connections (required for a server)
        tcp dport 22 accept
        # count and drop any other traffic
        counter drop
      }
      # Allow all outgoing connections.
      chain output {
        type filter hook output priority 0;
        accept
      }
      chain forward {
        type filter hook forward priority 0;
        accept
      }
    '';
    family = &quot;inet&quot;;
  };
}</code></pre></div>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablestablesnamecontent"><code>networking.nftables.tables.&lt;name&gt;.content</code></h2>
<p>The table content.</p>
<p><strong>Type:</strong> <code>strings concatenated with "\n"</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablestablesnameenable"><code>networking.nftables.tables.&lt;name&gt;.enable</code></h2>
<p>Whether to enable this table.</p>
<p><strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_10">Default</h3>
<p><code class="highlight"><span class="no">true</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablestablesnamefamily"><code>networking.nftables.tables.&lt;name&gt;.family</code></h2>
<p>The table family.</p>
<p><strong>Type:</strong> <code>one of "ip", "ip6", "inet", "arp", "bridge", "netdev"</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
<h2 id="networkingnftablestablesnamename"><code>networking.nftables.tables.&lt;name&gt;.name</code></h2>
<p>The table name.</p>
<p><strong>Type:</strong> <code>string</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nftables.nix</a></p>
</article>
</div>
</div>
</main>
</body>
</html>