Dear Duncan,

thank you for looking into this! I'm sorry for not having replied to you sooner... I'm having exams right now so I'm short on time...

I carefully read all your examples and learned a lot from it, thank you for posting it. I hope I soon have more time for experimenting with netfilter again...

> > while stand-alone *nft list ruleset* shows:
> >
> > > table inet filter {
> > >     chain input {
> > >         type filter hook input priority 100; policy drop;
> > >         iif != "wlan0" accept
> > >         tcp dport ssh counter packets 0 bytes 0 accept
> > >         tcp dport ssh counter packets 0 bytes 0 accept
> > >         counter packets 0 bytes 0 log prefix "nft6: " level debug
> > >     }
> > > }
>
> I just re-tried this with the latest git snapshot (latest change
> 2018-02-15), and the output from stand-alone *nft list ruleset* has
> changed to:
>
> > table inet filter {
> >     chain input {
> >         type filter hook input priority 100; policy drop;
> >         iif != "wlan0" accept
> >         ip6 nexthdr tcp tcp dport ssh counter packets 0 bytes 0 accept
> >         meta nfproto ipv6 tcp dport ssh counter packets 0 bytes 0 accept
> >         meta l4proto ipv6-icmp counter packets 1 bytes 72 accept
> >         counter packets 1 bytes 84 log prefix "nft6: " level debug
> >     }
> > }
>
> i.e. exactly as per the original script (whitespace and counter
> values excepted)

Great! So it seems there was an issue with "nft" and it has been corrected. :)

Thanks!

--
Merlin Büge