nftables
Differences
Below are the differences between two revisions of the page.
nftables [2023/03/02 07:34] – [Presentation] pascal | nftables [2023/07/04 10:55] (Current version) – external edit 127.0.0.1 | ||
---|---|---|---|
Ligne 6: | Ligne 6: | ||
===== Installation ===== | ===== Installation ===== | ||
< | < | ||
- | root@mazarini: | + | root@mazarini: |
</ | </ | ||
- | ===== Configuration /etc/ntp.conf ===== | + | ===== Configuration /etc/nftables.conf ===== |
==== Configuration initiale ==== | ==== Configuration initiale ==== | ||
+ | Il n'y a pas de règle activée. | ||
< | < | ||
- | # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help | + | #!/usr/sbin/nft -f |
- | driftfile / | + | flush ruleset |
- | + | table inet filter { | |
- | # Enable this if you want statistics to be logged. | + | chain input { |
- | #statsdir / | + | type filter hook input priority |
- | + | } | |
- | statistics loopstats peerstats clockstats | + | chain forward { |
- | filegen loopstats file loopstats | + | type filter hook forward priority |
- | filegen peerstats file peerstats type day enable | + | } |
- | filegen clockstats file clockstats type day enable | + | chain output { |
- | + | type filter hook output priority | |
- | + | } | |
- | # You do need to talk to an NTP server or two (or three). | + | } |
- | #server ntp.your-provider.example | + | |
- | + | ||
- | # pool.ntp.org maps to about 1000 low-stratum NTP servers. | + | |
- | # pick a different set every time it starts up. Please consider joining the | + | |
- | # pool: < | + | |
- | server | + | |
- | server 1.debian.pool.ntp.org iburst | + | |
- | server 2.debian.pool.ntp.org iburst | + | |
- | server 3.debian.pool.ntp.org iburst | + | |
- | + | ||
- | + | ||
- | # Access control configuration; see / | + | |
- | # details. | + | |
- | # might also be helpful. | + | |
- | # | + | |
- | # Note that " | + | |
- | # that might be intended to block requests from certain clients could also end | + | |
- | # up blocking replies from your own upstream servers. | + | |
- | + | ||
- | # By default, exchange time with everybody, but don't allow configuration. | + | |
- | restrict -4 default kod notrap nomodify nopeer noquery | + | |
- | restrict -6 default kod notrap nomodify nopeer noquery | + | |
- | + | ||
- | # Local users may interrogate the ntp server more closely. | + | |
- | restrict 127.0.0.1 | + | |
- | restrict ::1 | + | |
- | + | ||
- | # Clients from this (example!) subnet have unlimited access, but only if | + | |
- | # cryptographically authenticated. | + | |
- | #restrict 192.168.123.0 mask 255.255.255.0 notrust | + | |
- | + | ||
- | + | ||
- | # If you want to provide time to your local subnet, change the next line. | + | |
- | # (Again, the address is an example only.) | + | |
- | #broadcast 192.168.123.255 | + | |
- | + | ||
- | # If you want to listen to time broadcasts on your local subnet, de-comment the | + | |
- | # next lines. | + | |
- | #disable auth | + | |
- | # | + | |
</ | </ | ||
==== Choisir son serveur de référence ==== | ==== Choisir son serveur de référence ==== |
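Review bot: the unchanged heading "==== Choisir son serveur de référence ====" that follows the replaced block is left over from the NTP page this text was copied from and no longer matches a page whose configuration section is now "/etc/nftables.conf"; rename or remove that section so the page does not mix the two topics. In the added block, the `input`, `forward` and `output` chains of `table inet filter` contain no rules, which the added sentence "Il n'y a pas de règle activée." confirms, so loading this file filters nothing; the page should say that this is only a starting skeleton and that rules still have to be added. It is also worth documenting next to the block that `flush ruleset` on its second line clears every rule already loaded each time the file is applied.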
nftables.1677742487.txt.gz · Last modified: 2023/07/04 10:55 (external edit)