37 lines
1.5 KiB
Plaintext
37 lines
1.5 KiB
Plaintext
# Configuration for /etc/init.d/nftables
|
|
|
|
# Location of the nftables rules file to load on the service start.
|
|
#rules_file="/etc/nftables.nft"
|
|
|
|
# Whether to save the state of stateful objects (or full ruleset, see
|
|
# $save_objects) on the service stopping.
|
|
#save_on_stop="no"
|
|
|
|
# File path where to save the nftables state on the service stopping.
|
|
# Defaults to $rules_file if $save_objects is "ruleset".
|
|
#save_file="/var/lib/nftables/state.nft"
|
|
|
|
# A space-separated list of stateful objects to save on the service stop.
|
|
#
|
|
# If you want to save the full ruleset, set it to "ruleset" (that's the default
|
|
# value, for backward compatibility). Please note that this is discouraged;
|
|
# it's highly recommended to write nftable rules by hand and organize them in
|
|
# files /etc/nftables.d/<name>.nft (included by /etc/nftables.nft).
|
|
save_objects="counters limits quotas"
|
|
|
|
# Options to pass to nft on save.
|
|
#save_options=""
|
|
|
|
# Enable IPv4/IPv6 forwarding with the rules?
|
|
# Note: If you want to enable forwarding only on selected interfaces,
|
|
# keep this disabled and enable forwarding using /etc/sysctl.conf.
|
|
enable_forwarding="yes"
|
|
|
|
# If you need to log nftables messages as soon as nftables starts,
|
|
# AND your logger does NOT depend on the network, then you may wish
|
|
# to uncomment the next line.
|
|
# If your logger depends on the network, and you uncomment this line
|
|
# you will create an unresolvable circular dependency during startup.
|
|
# After commenting or uncommenting this line, you must run 'rc-update -u'.
|
|
#rc_use="logger"
|