Phil Sutter <phil@xxxxxx> wrote:
> Hi,
>
> This is about tests/shell/testcases/nft-f/0008split_tables_0, which adds
> the following simple ruleset:
>
> | table inet filter {
> | 	chain ssh {
> | 		type filter hook input priority 0; policy accept;
> | 		tcp dport ssh accept;
> | 	}
> | }
> |
> | table inet filter {
> | 	chain input {
> | 		type filter hook input priority 1; policy drop;
> | 	}
> | }
>
> If applied, it kills my SSH connection. :(

Yes, that's expected.

First ssh base chain gets invoked, which accepts any packet either
by verdict or policy.

Then next base chain gets consulted which drops the packet.

I would suggest to either swap the policies or duplicate the ssh rule
into the input chain too.
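
The evaluation order described in the reply, as an added example that is not part of the original mail: a simplified Python model of base chains sharing one hook, run over the test-case ruleset and the two suggested fixes. The dict layout, helper names and sample packets are assumptions made for this illustration.

```python
# Simplified model (added illustration, not nftables code): every base chain
# registered on a hook is consulted in ascending priority order. An accept
# verdict only ends the current chain; a drop verdict is final.
ACCEPT, DROP = "accept", "drop"

def is_ssh(pkt):
    return pkt["proto"] == "tcp" and pkt["dport"] == 22

def chain(priority, policy, rules=()):
    # Hypothetical representation: rules are (match_function, verdict) pairs.
    return {"priority": priority, "policy": policy, "rules": list(rules)}

def run_chain(ch, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    for match, verdict in ch["rules"]:
        if match(pkt):
            return verdict
    return ch["policy"]

def run_hook(chains, pkt):
    """Packet survives the hook only if no base chain drops it."""
    for ch in sorted(chains, key=lambda c: c["priority"]):
        if run_chain(ch, pkt) == DROP:
            return DROP
    return ACCEPT

SSH_RULE = (is_ssh, ACCEPT)

# Ruleset from the test case: priority 0 accepts ssh, priority 1 drops all.
ORIGINAL = [chain(0, ACCEPT, [SSH_RULE]), chain(1, DROP)]
# Fix 1: swap the policies of the two chains.
SWAPPED = [chain(0, DROP, [SSH_RULE]), chain(1, ACCEPT)]
# Fix 2: duplicate the ssh rule into the input chain.
DUPLICATED = [chain(0, ACCEPT, [SSH_RULE]), chain(1, DROP, [SSH_RULE])]

# Constructed sample packets.
SSH_PKT = {"proto": "tcp", "dport": 22}
WEB_PKT = {"proto": "tcp", "dport": 80}

def verdicts(ruleset):
    """Return (verdict for ssh packet, verdict for non-ssh packet)."""
    return run_hook(ruleset, SSH_PKT), run_hook(ruleset, WEB_PKT)

if __name__ == "__main__":
    for name, rs in (("original", ORIGINAL), ("swapped", SWAPPED),
                     ("duplicated", DUPLICATED)):
        print(name, verdicts(rs))
```

Both fixes keep the default-deny behaviour for non-ssh traffic; only the original ruleset drops the ssh packet as well.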