I tried the following commands, but DNS traffic is still not allowed. What am I doing wrong?
nft add table inet tarffic
nft add chain inet traffic INPUT '{ type filter hook input priority 100; policy drop; }'
nft add rule inet traffic INPUT ip protocol icmp accept
nft add rule inet traffic INPUT ct state established,related accept
nft add rule inet traffic INPUT udp dport 53 accept
nft add rule inet traffic INPUT tcp dport 53 accept
nft add chain inet traffic OUTPUT '{ type filter hook output priority 100; policy drop; }'
nft add rule inet traffic OUTPUT ip protocol icmp accept
nft add rule inet traffic OUTPUT ct state established,related accept
nft add rule inet traffic OUTPUT udp dport 53 accept
nft add rule inet traffic OUTPUT tcp dport 53 accept