For this lab, you need a clean snapshot of your Ubuntu virtual machine:
- Restore your Ubuntu virtual machine to a clean snapshot to clear out any firewall configurations that you created previously. Verify with the commands:
sudo ufw status
sudo iptables -L
You should see no rules listed for iptables, and the ufw status should be inactive.
- Install the nftables package:
sudo apt install nftables
- List the tables, which should give you no output because nothing has been loaded yet. Then load the default configuration file, and list both the tables and the rules:
sudo nft list tables
sudo nft -f /etc/nftables.conf
sudo nft list tables
sudo nft list table inet filter
- Make a backup copy of the nftables configuration file:
sudo cp /etc/nftables.conf /etc/nftables.conf.bak
- Open the original /etc/nftables.conf file in your text editor. Just before the tcp dport ... accept line, insert this line:
tcp dport ssh ip saddr { 192.168.0.7, 192.168.0.10 } drop
Save the file and exit the text editor.
- Reload the configuration and view the results:
sudo nft list tables
sudo nft -f /etc/nftables.conf
sudo nft list tables
sudo nft list table inet filter
- End of lab.
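Because rules in a chain are evaluated top to bottom and a drop verdict is final, the lab's per-host drop rule only works if it sits above the general ssh accept rule. The following is an added example (not part of the lab or the book): it writes a constructed nftables.conf in the shape the lab produces to a temp path (the chain contents and the temp path are assumptions) and checks the rule order with awk before the file would be loaded, so the check runs without root or nft installed.

```shell
#!/bin/sh
# Added example, not the lab's own file: a constructed nftables.conf in the
# shape the lab produces, written to a temp path rather than /etc/nftables.conf.
CONF="${TMPDIR:-/tmp}/nftables.example.conf"

cat > "$CONF" <<'EOF'
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
	chain input {
		type filter hook input priority 0; policy drop;
		ct state established,related accept
		iif "lo" accept
		ip protocol icmp accept
		tcp dport ssh ip saddr { 192.168.0.7, 192.168.0.10 } drop
		tcp dport ssh accept
	}
	chain forward { type filter hook forward priority 0; policy drop; }
	chain output { type filter hook output priority 0; policy accept; }
}
EOF

# ssh_drop_before_accept FILE
# Exit 0 when a "tcp dport ssh ... drop" rule exists and precedes the first
# "tcp dport ... accept" rule; exit 1 when the drop rule is missing; exit 2
# when it is present but placed after the accept, where it would never match.
ssh_drop_before_accept() {
    awk '
        /^[[:space:]]*tcp dport ssh .*drop[[:space:]]*$/ && !d { d = NR }
        /^[[:space:]]*tcp dport .*accept[[:space:]]*$/   && !a { a = NR }
        END {
            if (!d) exit 1
            if (a && a < d) exit 2
            exit 0
        }' "$1"
}

# Stand-alone run: report the ordering result for the constructed file.
ssh_drop_before_accept "$CONF" && echo "order OK: per-host drop precedes ssh accept"
```

On the VM itself, follow this with sudo nft -c -f /etc/nftables.conf, which asks nft to parse the real file without applying it.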