nftables中inet、ip和ip6地址族的数据包处理顺序?

tag-icon tag-icon nftables
nftables中inet、ip和ip6地址族的数据包处理顺序?

nftablesip适用于 IPv4、ip6IPv6 和inet两者的系列。

# Match IPv4 and IPv6
table inet filter {
  chain input {
    type filter hook input priority filter; policy drop;
    tcp dport 443 accept
  }
}

# Match IPv4
table ip filter {
  chain input {
    type filter hook input priority filter; policy drop;
    tcp dport 443 accept
  }
}

# Match IPv6
table ip6 filter {
  chain input {
    type filter hook input priority filter; policy drop;
    tcp dport 443 accept
  }
}

这种情况下的处理顺序是怎样的?

相关内容