Hello,

I recently switched from iptables to nftables (I have a very simple/personal firewall). When I built my iptables firewall I referred to the packet flow diagram (by Jan Engelhardt) on the iptables Wikipedia web page: https://en.wikipedia.org/wiki/Iptables#/media/File:Netfilter-packet-flow.svg

Using this diagram for an nftables firewall is hard as some concepts changed. I did some tests and drew my own diagram (using the yEd editor) covering all netdev, ip, ip6, inet, bridge and arp tables: https://pelican.craoc.fr/#packet-flow

Direct URL and yEd sources:
* https://pelican.craoc.fr/images/packet_flow.svg
* https://pelican.craoc.fr/images/packet_flow.graphml

Can you please verify it? Feedback would be much appreciated :) I am not a network expert but the subject interests me and I would like to know if I misunderstood something. I put this diagram under the CC-BY-SA license so feel free to use/modify it if you like.

Note: I drew an arp-forward-filter chain in the diagram because I can create one, but I couldn't actually see any packet going through it. I think it's a bug, so I drew it anyway. More information:
* https://pelican.craoc.fr/#arp-vm1-vm2
* http://marc.info/?l=netfilter&m=149410713429067

--
Regards
Maxime de Roucy
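One way to check a hook diagram like this empirically, as an added example that is not part of the original post or the author's ruleset: a throw-away table in the inet family with one accept-only chain per hook, each carrying a counter, plus an arp table with its input and output hooks. After generating some traffic, `nft list ruleset` shows which counters moved, and `meta nftrace set 1` together with `nft monitor trace` prints the chain-by-chain path of matching packets. The table and chain names, the priority values and the 10.0.0.0/24 test prefix are assumptions chosen for the example.

```nft
# Example only: count traversals per hook so the diagram can be verified.
# Load with:  nft -f hookcount.nft
# Inspect:    nft list ruleset
# Trace path: nft monitor trace   (in a second terminal)
table inet hookcount {
    chain pre  { type filter hook prerouting  priority -300; policy accept; counter comment "inet prerouting"  }
    chain in   { type filter hook input       priority 0;    policy accept; counter comment "inet input"       }
    chain fwd  { type filter hook forward     priority 0;    policy accept; counter comment "inet forward"     }
    chain out  { type filter hook output      priority 0;    policy accept; counter comment "inet output"      }
    chain post { type filter hook postrouting priority 100;  policy accept; counter comment "inet postrouting" }

    # Mark packets from the assumed test subnet so they show up in `nft monitor trace`
    chain trace {
        type filter hook prerouting priority -350; policy accept;
        ip saddr 10.0.0.0/24 meta nftrace set 1
    }
}

# The arp family hooks that the nft manual documents: input and output.
table arp hookcount {
    chain in  { type filter hook input  priority 0; policy accept; counter comment "arp input"  }
    chain out { type filter hook output priority 0; policy accept; counter comment "arp output" }
}
```

Because every chain's policy is accept and nothing drops, loading this table does not change what the host forwards or accepts; it only records where packets were seen. Remove it with `nft delete table inet hookcount; nft delete table arp hookcount` when done.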