Good day,
I'm trying setup multiple forward chains and can't get it to work.
This is a simple setup to compare how it could look in iptables.
iptables -F
iptables -X
iptables -P FORWARD DROP
iptables -N TEST
iptables -A TEST -p icmp -j ACCEPT
iptables -A FORWARD -j TEST
I was trying this (icmp is getting accepted due to higher priority?)
table ip filter {
chain forward_accept {
type filter hook forward priority -10; policy accept;
ip protocol icmp counter accept
}
}
table ip filter {
chain forward_drop {
type filter hook forward priority 10; policy drop;
counter comment "count dropped packets"
}
}
Any idea whats the best way to get there?
THX Matt
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
