Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10


 




On 04.10.19 at 12:44, Jags wrote:
> Should I modify it to the following:
> 
> :::
> chain output {
>                 type filter hook output priority 0; policy accept;
> 
>                 ip daddr 123.0.0.0/8 counter reject  }
> :::
> 
> and
> 
> :::
> chain input {
>                 type filter hook input priority 0; policy drop;
> 
>                 ip saddr 123.0.0.0/8 counter drop  }
> :::

Surely, and that on top of the ruleset before any accept rule; there is
no point in mentioning "ct state" when you just want to block communication
from and to an IP unconditionally.
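
The ordering described in this reply, as an added example that is not part of the original thread: the block rules are the first rules in each chain, ahead of the connection-tracking accept. The table name `inet filter` and the accept rules (loopback, SSH on port 22) are assumptions used only to show placement.

```nft
#!/usr/sbin/nft -f
# Added example. Table name and accept rules are assumed, not from the thread.

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Block rule first: evaluated before any accept rule, so packets from
        # this range are dropped even when they belong to an established
        # connection. No "ct state" match is needed for an unconditional block.
        ip saddr 123.0.0.0/8 counter drop

        # Accept rules (assumed) come only after the block.
        ct state established,related accept
        iif "lo" accept
        tcp dport 22 accept
    }

    chain output {
        type filter hook output priority 0; policy accept;

        # Same placement on the way out: first rule in the chain.
        ip daddr 123.0.0.0/8 counter reject
    }
}
```

The file can be syntax-checked without loading it using `nft -c -f <file>`, and after loading, `nft list ruleset` shows the packet counters on both block rules.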





