nftables

I have few dropped outbound packets in my firewall log that look like this: DROP default new_out_4: IN= OUT=<NIC> SRC=<local IP> DST=<remote IP> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43196 DF PROTO=TCP SPT=42618 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 UID=1 GID=1 I know it's root user that's...

I have nftables configured and that's what's used for firewalling, but out of curiosity I've run iptables in terminal and figured out it's installed and configured to allow all traffic. I'm not sure how is it possible that 2 firewalls are installed at the same time. I don't know if iptables...

Hi everyone. I am setting up my firewall and want to close services, which open in docker too, in one place. So, my rules look like this: nft add table inet PREROUTING nft 'add chain inet PREROUTING lower_filter { type filter hook prerouting priority -130; policy drop; }' nft add rule inet...

Hi everyone, I'm trying to do a apt --update but I get -> So the DNS resolution is passing but not to connection to deb.devuan.org:80 :( It's my nftables that block it but I don't what to open to allow the connection Here my nftables table ip6 Tip6 { chain chPR { type filter...

OS: Debian 11 x86_64 I am looking to convert some of my iptable rules to nftables. I have tried to use iptables-translate, but it is not translating all of my rules. My original iptables script: #!/bin/sh sudo apt install iptables # accept ports 500 and 4500, required for IKEv2 sudo...

Hi everyone, I followed this tutorial to externalize my nftables log to another log than /var/log/messages it work, unfortunately the date format is I would like to change it to something close to I've looked in the ulogd documentation but found nothing about it... Any ideas ? or other...

Hi everyone, How can we add saddr to icmp ? for example table ip Tip { type filter hook input priority 0; policy drop; icmp type echo-request counter log prefix "echo: " accept } How can I specify a source address ? I've tried table ip Tip { type filter hook input priority 0...