I have config:
Code:
    table netdev rawinput {
        set cyberwhite4 {
            type ipv4_addr
            flags timeout
            elements = { my_ips_here }
        }
        set cyberwhite6 {
            type ipv6_addr
            flags timeout
        }
        chain rawchain {
            type filter hook ingress device "eth0" priority -470; policy accept;
            ip saddr != @cyberwhite4 drop
            ip6 saddr != @cyberwhite6 drop
        }
    }
and it works fine. But this version doesn't work at all and blocks TCP, SSH and other connections (also outgoing ones, I think) even if the IP is in the whitelist:
Code:
    table netdev rawinput {
        set cyberwhite4 {
            type ipv4_addr
            flags timeout
            elements = { my_ips_here }
        }
        set cyberwhite6 {
            type ipv6_addr
            flags timeout
        }
        chain rawchain {
            type filter hook ingress device "eth0" priority -470; policy drop;
            ip saddr @cyberwhite4 accept
            ip6 saddr @cyberwhite6 accept
        }
    }
I thought it's almost the same.
Additional details: the server runs behind a provider firewall (which we configured to allow only TCP connections, no UDP, no ICMP).
Can someone explain why the second option doesn't work and how I can fix it?
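Added example, not part of the original post: the netdev ingress hook sees every frame arriving on eth0, including ARP, which matches neither `ip saddr` nor `ip6 saddr`, so it passes under `policy accept` but is discarded under `policy drop`, and the host then loses IPv4 neighbour resolution. The ruleset below is the second variant with an explicit ARP accept placed before the whitelist rules; the sample address and the IPv6 neighbour-discovery rule are assumptions added for illustration.

```nftables
# Added example: second ruleset from the post, with link-layer
# housekeeping traffic accepted before the default drop applies.
table netdev rawinput {
    set cyberwhite4 {
        type ipv4_addr
        flags timeout
        elements = { 192.0.2.10 }    # constructed sample address
    }
    set cyberwhite6 {
        type ipv6_addr
        flags timeout
    }
    chain rawchain {
        type filter hook ingress device "eth0" priority -470; policy drop;

        # ARP is neither IPv4 nor IPv6, so the saddr rules below never
        # match it. Without this rule the gateway cannot resolve the
        # host's MAC address and replies to outgoing connections never
        # arrive, even for whitelisted peers.
        ether type arp accept

        # Assumption: only needed if IPv6 is used on this interface.
        # Neighbour discovery comes from link-local addresses that are
        # not in cyberwhite6, so it would otherwise hit the policy drop.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Whitelist rules, unchanged from the post.
        ip saddr @cyberwhite4 accept
        ip6 saddr @cyberwhite6 accept
    }
}
```

Running `nft -c -f <file>` checks the ruleset for syntax errors without loading it, which is worth doing from a console session before applying a default-drop ingress policy on a remote machine.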