`nftlushruleset`无法永久删除所有规则?

tag-icon tag-icon nftables
`nftlushruleset`无法永久删除所有规则?

列出当前所有规则集:

sudo nft list ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy accept;
        iif "lo" accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

删除所有规则集:

sudo nft flush ruleset

再次列出规则集:

sudo nft list ruleset   
#nothing shown on the output

重新启动电脑并列出所有规则集:

sudo nft list ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy accept;
        iif "lo" accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

我得出的结论是nft flush ruleset不能永久删除所有规则,那么如何永久删除所有规则集呢?

答案1

你说

重新启动电脑并列出所有规则集:

检查是否/etc/nftables.conf存在,您也应该清空或删除它,然后运行nft flush ruleset

根据您的发行版,您可能想要删除软件包,就像netfilter-persistent您不需要它们一样根本不

相关内容