Hi,

We are testing NAT in nftables. We were originally running SCTP traffic with the rules below.

table ip nat {
    chain prerouting {
        type nat hook prerouting priority 0; policy accept;
        sctp dport diameter ip saddr 10.0.1.51 ip daddr 10.0.1.46 dnat 10.1.1.47
        sctp dport diameter ip saddr 20.0.1.51 ip daddr 20.0.1.46 dnat 20.1.1.47
    }

    chain POSTROUTING {
        type nat hook postrouting priority 0; policy accept;
        ip daddr 10.0.1.51 snat 10.0.1.46
        ip daddr 20.0.1.51 snat 20.0.1.46
    }

    chain postrouting {
        type nat hook postrouting priority -150; policy accept;
    }
}

The SCTP traffic is NATed. Then we removed the rule "sctp dport diameter ip saddr 10.0.1.51 ip daddr 10.0.1.46 dnat 10.1.1.47", but we still see the traffic going through.

Is there any command needed to refresh nftables? Or do we need to delete the state using the conntrack tools?