Pavel Melnik <p.melnyk@xxxxxxxxxxxxxxxxxx> wrote: > We were asked to implement functionality to drop fragmented IPv6 packets, > addressed to local interface, on device based 3.12 kernel Urgh. I'd just change NF_IP6_PRI_RAW to -450 and use ip6tables rules in raw table. > But we observed the 'same' issue if try to use nftables on > 3.13.0-163-generic PC kernel. No tables and chains are created by nft cmd, > or at least displayed by 'nft list tables' Thats normal, nftables has no builtin tables. nft add table ip6 filter nft add chain ... and so on.
