Hi,

I can reject a TCP packet in nftables with:

    ip protocol tcp reject with type port-unreachable

This shows up in an nmap scan and on Wireshark.

However, if I try:

    ip protocol udp reject with type port-unreachable

netfilter seems to simply drop the packet.

Am I missing something here? Should it be possible to reject a UDP packet?

My belief is that it should because if I:

    nmap --reason -sU -p 12345 <remote Debian host with no firewall>

I get:

    PORT      STATE  SERVICE REASON
    12345/udp closed italk   port-unreach ttl 64

back, which is an ICMP port unreachable message. I just can't seem to get nftables to do the same.

Any advice?

Thanks in advance,
Gareth Williams