oBuTr471b · February 8, 2021 04:25
diff --git a/nft3: persisting the ruleset b/nft3: persisting the ruleset
 # In The Name Of Allah .
 # -- --- ---- -- ----- -
 # Fri Jan 22 05:48:48 2021
 # Written By : zer0err0r .
 # ======= == = ========= =
  
 # 3, Persisting Our SPI Ruleset .
  $ nft list ruleset > spi_nftables
  $ nft flush ruleset
  $ nft -f spi_nftables
  $ nft list ruleset > /etc/sysconfig/nftables.conf
  $ systemctl enable nftables

  # First line :
    = We redirected our ruleset into a file, The same way that we was doing with IPTables .

  # Second line :
    = We just [flush]ed our ruleset in order to see how we can restore them .
    = So, If you now do [nft list ruleset], You wont get anything .

  # Third line :
    = This is how we make NFTables read the ruleset from a file .
    = But still, We just made it read the ruleset and put it in the memory, We didnt persist it yet .

  # Fourth and Fifth lines :
    = This is how we persist it .
    = We write our ruleset into the file [/etc/sysconfig/nftables.conf] .
    = This file will be readed by the NFTables service when it starts .

  
  # Converting IPTables ruleset into NFTables :
    $ iptables-save > iptables_ruleset
    $ iptables-restore-translate -f iptables_ruleset > converted_ruleset
    $ cat converted_ruleset
    $ nft -f converted_ruleset
    $ nft list ruleset > /etc/sysconfig/nftables.conf


  # Final notes :
    = [/etc/nftables/] has some samples for [route] and [nat] chain types .
    = We can write our ruleset using another syntax, I mean inside a file like the spi_nftables file syntax .

 # ===== == ==== ======== =
 # Peace Be Up0n Muhammed .
	# In The Name Of Allah .
	# -- --- ---- -- ----- -
	# Fri Jan 22 05:48:48 2021
	# Written By : zer0err0r .
	# ======= == = ========= =

	# 3, Persisting Our SPI Ruleset .
	$ nft list ruleset > spi_nftables
	$ nft flush ruleset
	$ nft -f spi_nftables
	$ nft list ruleset > /etc/sysconfig/nftables.conf
	$ systemctl enable nftables

	# First line :
	= We redirected our ruleset into a file, The same way that we was doing with IPTables .

	# Second line :
	= We just [flush]ed our ruleset in order to see how we can restore them .
	= So, If you now do [nft list ruleset], You wont get anything .

	# Third line :
	= This is how we make NFTables read the ruleset from a file .
	= But still, We just made it read the ruleset and put it in the memory, We didnt persist it yet .

	# Fourth and Fifth lines :
	= This is how we persist it .
	= We write our ruleset into the file [/etc/sysconfig/nftables.conf] .
	= This file will be readed by the NFTables service when it starts .


	# Converting IPTables ruleset into NFTables :
	$ iptables-save > iptables_ruleset
	$ iptables-restore-translate -f iptables_ruleset > converted_ruleset
	$ cat converted_ruleset
	$ nft -f converted_ruleset
	$ nft list ruleset > /etc/sysconfig/nftables.conf


	# Final notes :
	= [/etc/nftables/] has some samples for [route] and [nat] chain types .
	= We can write our ruleset using another syntax, I mean inside a file like the spi_nftables file syntax .

	# ===== == ==== ======== =
	# Peace Be Up0n Muhammed .