Re: nftables: How to filter only ipv6 SSH traffic in an inet table?

On Tue, Feb 06, 2018 at 05:28:09PM +0100, Merlin Büge wrote:
> Hey all,
>
> I'm playing around with nftables and wonder how I could filter e.g.
> only ipv6 SSH traffic in an inet table?
>
> I've set up a basic inet filter table with the three chains input,
> forward and output.
>
> When I then do:
>
> "nft add rule inet filter input ip6 nexthdr tcp tcp dport ssh drop"
>
> ... "nft list ruleset" is showing me only "tcp dport ssh drop", so it
> seems the ipv6 bit got missed. I also tried:
>
> "nft add rule inet filter input meta nfproto ipv6 tcp dport ssh drop"
>
> ... but it yields the same output.
>
> What am I doing wrong here?
>
> Note that I'm not wanting to actually drop IPv6 SSH traffic, I'm just
> trying to get used to nftables :)
>
> I'm using nftables v0.8.2 on an up-to-date archlinux.
>
> Any pointer appreciated!
>
> Thanks!
> --
> Merlin Büge <toni@xxxxxxxxxxxx>

Hi Merlin,

Could you possibly post all of the output from nft list ruleset?

That would give us some context around the one-liner.

Cheers ... Duncan.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
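An added example for the question above, not code from the thread: a complete inet filter ruleset in which only the IPv6 SSH rule is family-restricted, using the "meta nfproto ipv6" form from the question (the chain layout and the "counter" expressions are my assumptions, chosen so the family restriction can be verified from rule hits rather than from the printed rule text).

```nft
# Added example (not from the thread). Load with: nft -f <this file>
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy accept;

        # In an inet table a bare "tcp dport ssh" matches both IPv4 and IPv6.
        # "meta nfproto ipv6" (or the "ip6 nexthdr tcp" form from the question)
        # adds the explicit address-family check for this rule only.
        meta nfproto ipv6 tcp dport ssh counter drop

        # Same intent written as an IPv6 header match instead of meta:
        # ip6 nexthdr tcp tcp dport ssh counter drop

        # For comparison: this rule matches SSH over both families.
        tcp dport ssh counter accept
    }
    chain forward { type filter hook forward priority 0; policy accept; }
    chain output  { type filter hook output  priority 0; policy accept; }
}
```

After loading, open one SSH connection over IPv4 and one over IPv6 and run "nft list ruleset": only the first rule's counter should advance for the IPv6 attempt, which checks what the kernel actually matches independently of how nft prints the rule.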
