NFTables

# nftables quick reference. Each line is a standalone command to run as needed;
# this is not a script to execute top to bottom (several commands are destructive).
# List the complete ruleset (all tables, chains and rules)
nft list ruleset
# Export the ruleset as JSON
nft -j list ruleset
# Flush (remove) the entire ruleset.
# This removes tables and chains too, including any base chain with a drop
# policy, so the host filters nothing afterwards. Save the output of
# `nft list ruleset` to a file first if a rollback may be needed.
nft flush ruleset
# Flush the ruleset of a single family
nft flush ruleset arp
nft flush ruleset ip
nft flush ruleset ip6
nft flush ruleset bridge
nft flush ruleset inet
# Apply rules from a file.
# The file is loaded on top of the existing ruleset unless it starts with
# `flush ruleset` itself. `nft -c -f rule.nft` checks the file without applying it.
nft -f rule.nft
# Translate iptables syntax to nft syntax.
# iptables-translate only prints the equivalent nft command; it does not change
# the ruleset. Expected output for the command below:
# nft add rule ip filter INPUT tcp dport 22 ct state new counter accept
# The example rule accepts new TCP/22 connections from any source address.
iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# An individual rule can only be deleted by its handle
# Show the chain with rule handles and numeric output
nft --handle --numeric list chain inet filter input
# Delete the rule with the given handle (10 is a sample value; use the handle
# shown by the list command).
# NOTE(review): the table here is `fltrTable` but the list command above uses
# `filter`; the table and chain must be the ones the handle was read from.
nft delete rule inet fltrTable input handle 10
# Flush a table: removes all rules in table foo (no family given, so nft uses
# its default family, ip)
nft flush table foo
# Flush a chain: removes all rules in chain bar of table foo
nft flush chain foo bar
# NOTE(review): no handle is given here, which conflicts with the statement
# above that a rule can only be deleted by handle. Older nft releases reportedly
# treated this form as "delete every rule in the chain"; confirm on the installed
# version and prefer `nft flush chain` or deletion by handle.
nft delete rule ip6 foo bar
# Describe an expression or data type: prints its type and the symbolic values
# it accepts, useful when writing match expressions
nft describe tcp flags
nft describe ct_state
nft describe icmp_type