
nftables

Output text modifier

source: https://wiki.nftables.org/wiki-nftables/index.php/Output_text_modifiers


Previous post: Ruleset debug/tracing

Next post: nftables examples


The modifiers listed at https://wiki.nftables.org/wiki-nftables/index.php/Output_text_modifiers differ from the modifiers available on my Ubuntu system.

 

salsal@r3:~$ lsb_release -d
Description:	Ubuntu 18.04.5 LTS
salsal@r3:~$ sudo apt policy nftables
nftables:
  Installed: 0.8.2-1
  Candidate: 0.8.2-1
  Version table:
 *** 0.8.2-1 500
        500 http://kr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
        100 /var/lib/dpkg/status

salsal@r3:~$ dpkg -l nftables
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                   Version          Architecture     Description
+++-======================-================-================-==================================================
ii  nftables               0.8.2-1          amd64            Program to control packet filtering rules by Netfi

salsal@r3:~$ sudo nft -h
Usage: nft [ options ] [ cmds... ]

Options:
  -h, --help			Show this help
  -v, --version			Show version information

  -c, --check			Check commands validity without actually applying the changes.
  -f, --file <filename>		Read input from <filename>
  -i, --interactive		Read input from interactive CLI

  -n, --numeric			When specified once, show network addresses numerically (default behaviour).
  				Specify twice to also show Internet services (port numbers) numerically.
				Specify three times to also show protocols, user IDs, and group IDs numerically.
  -s, --stateless		Omit stateful information of ruleset.
  -N				Translate IP addresses to names.
  -a, --handle			Output rule handle.
  -e, --echo			Echo what has been added, inserted or replaced.
  -I, --includepath <directory>	Add <directory> to the paths searched for include files. Default is: /etc
  --debug <level [,level...]>	Specify debugging level (scanner, parser, eval, netlink, mnl, proto-ctx, segtree, all)

salsal@r3:~$

The modifiers that actually work here are roughly -n given once and -n given twice.

  -n, --numeric			When specified once, show network addresses numerically (default behaviour).
  				Specify twice to also show Internet services (port numbers) numerically.
				Specify three times to also show protocols, user IDs, and group IDs numerically.

Below is the result of giving -n twice. The port name (ssh) is shown as the number 22.

salsal@r3:~$ sudo nft list ruleset
table ip filter {
	chain input {
		type filter hook input priority 0; policy drop;
		ct state established,related counter packets 157515 bytes 6363916 accept
		ct state new tcp dport ssh counter packets 0 bytes 0 accept
	}

	chain trace_chain {
		type filter hook prerouting priority -1; policy accept;
		icmp type { echo-reply, echo-request } nftrace set 1
	}
}
salsal@r3:~$ sudo nft -n -n list ruleset
table ip filter {
	chain input {
		type filter hook input priority 0; policy drop;
		ct state established,related counter packets 157680 bytes 6371948 accept
		ct state new tcp dport 22 counter packets 0 bytes 0 accept
	}

	chain trace_chain {
		type filter hook prerouting priority -1; policy accept;
		icmp type { echo-reply, echo-request } nftrace set 1
	}
}
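The two listings above differ only in the service name versus port number (what -n -n changes) and in the counter values, which move between runs. When comparing rulesets captured on hosts with different nft versions or different modifier usage, it helps to normalize the text first. The following script is an added example, not from the post or the nftables project: it rewrites service names to numbers the way -n -n does (via socket.getservbyname, falling back to a small constructed table when /etc/services is absent) and drops counter values the way -s would, so the two listings compare equal. The sample rulesets are the ones from this post, embedded as constructed strings.

```python
import re
import socket

# Constructed samples: the default listing (service names) and the `-n -n`
# listing (numeric ports) from this post. Counters differ, as in real captures.
RULESET_NAMED = """table ip filter {
	chain input {
		type filter hook input priority 0; policy drop;
		ct state established,related counter packets 157515 bytes 6363916 accept
		ct state new tcp dport ssh counter packets 0 bytes 0 accept
	}

	chain trace_chain {
		type filter hook prerouting priority -1; policy accept;
		icmp type { echo-reply, echo-request } nftrace set 1
	}
}"""

RULESET_NUMERIC = """table ip filter {
	chain input {
		type filter hook input priority 0; policy drop;
		ct state established,related counter packets 157680 bytes 6371948 accept
		ct state new tcp dport 22 counter packets 0 bytes 0 accept
	}

	chain trace_chain {
		type filter hook prerouting priority -1; policy accept;
		icmp type { echo-reply, echo-request } nftrace set 1
	}
}"""

# Assumption: minimal service table used only when the system has no /etc/services.
FALLBACK_SERVICES = {"ssh": 22, "http": 80, "https": 443, "domain": 53}

# `counter packets N bytes M` is stateful information; `nft -s` would omit it.
COUNTER_RE = re.compile(r"\bcounter packets \d+ bytes \d+\b")

# Matches `tcp dport ssh`, `udp sport { domain, 1024-65535 }`, etc.
PORT_EXPR_RE = re.compile(r"\b(tcp|udp)\s+(sport|dport)\s+(\{[^}]*\}|\S+)")


def service_to_port(name, proto):
    """Resolve a service name to its port number for the given L4 protocol."""
    try:
        return socket.getservbyname(name, proto)
    except OSError:
        return FALLBACK_SERVICES[name]  # KeyError on unknown names: fail loudly


def port_token(tok, proto):
    """Leave numeric ports and ranges alone; translate service names."""
    if re.fullmatch(r"\d+(-\d+)?", tok):
        return tok
    return str(service_to_port(tok, proto))


def _numeric_port_expr(m):
    proto, direction, expr = m.group(1), m.group(2), m.group(3)
    if expr.startswith("{"):
        items = [i.strip() for i in expr[1:-1].split(",") if i.strip()]
        expr = "{ " + ", ".join(port_token(i, proto) for i in items) + " }"
    else:
        expr = port_token(expr, proto)
    return f"{proto} {direction} {expr}"


def normalize(ruleset_text):
    """Return the ruleset as a list of canonical lines: whitespace collapsed,
    counters stripped (like -s) and ports numeric (like -n -n)."""
    out = []
    for raw in ruleset_text.splitlines():
        line = " ".join(raw.split())
        if not line:
            continue
        line = COUNTER_RE.sub("counter", line)
        line = PORT_EXPR_RE.sub(_numeric_port_expr, line)
        out.append(line)
    return out


def rulesets_equivalent(a, b):
    """True when two listings describe the same rules after normalization."""
    return normalize(a) == normalize(b)


if __name__ == "__main__":
    print("\n".join(normalize(RULESET_NAMED)))
    print("equivalent:", rulesets_equivalent(RULESET_NAMED, RULESET_NUMERIC))
```

Normalization is deliberately conservative: it only touches port expressions after tcp/udp and the counter fields, so a genuine policy change (for example drop versus accept) still shows up as a difference.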
