Bash and cmdline: nft cmd vs script has a problem
Linux Mint. uname -r yields 5.15.0-56. dpkg-query -l bash yields 5.1.6ubuntu1.
My script shows this problematic output from a bash -x script invocation:
attrib =' '\''{type nat hook prerouting priority mangle+10;}'\'' '
But from the command line:
sudo nft create chain inet firewalld mangle_PREROUTING '{ type nat hook prerouting priority mangle + 10 ;}'
works fine.
The script replicates the fedora nft tree.
x=$(sudo nft -a list tables)
if [[ $x != '' ]]; then
    sudo nft flush table inet firewalld
    sudo nft delete table inet firewalld
fi
sudo nft create table inet firewalld
for stage in mangle net filter; do
    for step in _PREROUTING _OUTPUT _INPUT _IN_workstation; do
        meat=${step/_/}
        priority=${stage/_/}
        a=${step/_[a-zA-Z]+/_}
        b=${stage/_[a-zA-Z]+/_}
        if [[ $stage == "__" ]]; then
            type="nat"
        else
            type="filter"
        fi
        hook=${meat,,} # translate to all lowercase
        attrib=" '{ type "$type" hook "$hook" priority "$priority"+10;}'"
        if [[ $a$b == "__" ]]; then
            cmd=" insert rule inet firewalld $stage$step"
            sudo nft $cmd
        else
            cmd=" create chain inet firewalld $stage$step $attrib"
            sudo nft $cmd
        fi
    done
done
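Answer 1
Removing the single quotes around the braces is the answer. I tried this because I figured the shell script (and sudo) was doing a fork/exec for nft, with no shell interpretation.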
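
Why the quoted form fails and the form from the answer works, as an added example that is not part of the original post: `show_argv` is a hypothetical stand-in for nft that lists the arguments it receives, and the variable values are constructed to match the bash -x output in the question.

```bash
#!/bin/bash
# Stand-in for nft (assumption, not the real tool): prints every argument it
# receives, one per line inside <>, so the effect of quoting can be seen
# without touching a live ruleset.
show_argv() {
    for arg in "$@"; do printf '<%s>\n' "$arg"; done
}

# Constructed sample values matching the bash -x output in the question.
type=nat hook=prerouting priority=mangle

# As in the question: single quotes are stored inside the variable's value.
quoted_in_value() {
    attrib=" '{ type $type hook $hook priority $priority+10;}'"
    # An unquoted expansion is word-split, but quote removal only applies to
    # quotes typed in the script source, so the ' characters are passed on.
    show_argv create chain inet firewalld mangle_PREROUTING $attrib
}

# As in the answer: no quote characters inside the value. The spec is still
# split into several words, with no stray ' in any of them.
no_quotes_in_value() {
    attrib="{ type $type hook $hook priority $priority+10;}"
    show_argv create chain inet firewalld mangle_PREROUTING $attrib
}

# Same argument list as the working command line in the question: the
# quotes are syntax around the expansion, so the spec arrives as one word.
one_argument() {
    attrib="{ type $type hook $hook priority $priority + 10 ;}"
    show_argv create chain inet firewalld mangle_PREROUTING "$attrib"
}

echo "quotes stored in the value:";   quoted_in_value
echo "no quotes in the value:";       no_quotes_in_value
echo "quoted expansion, one word:";   one_argument
```

The first variant hands the program the words `'{` and `mangle+10;}'` with the quote characters still attached, while the other two contain no quote characters at all.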