Hello Florian,
I am just thinking about what I did now when I changed the priority to
filter. For prerouting it is clear, since there is no other chain with
hook prerouting. But for output there is another one in the table
filter. Which one is proceeded first if they are the same priority?
what is they have conflicting policy? If the first one is drop, the
second chain will not proceed if not allowed in the first one?
If these priorities should be filter would not it be making more sense
to move the rules to the chains in the table filter?
Marek
2020-06-22 19:18 GMT+02:00, Marek Greško <mgresko8@xxxxxxxxx>:
> Hello,
>
> after changing priority it is working. It was a configuration error or a
> bug?
>
> Marek
>
>
> 2020-06-22 14:06 GMT+02:00, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>:
>> On Sun, Jun 21, 2020 at 07:54:14AM +0200, Marek Greško wrote:
>>> Hello,
>>>
>>> I have problem to get connection tracking work when using nftables. I
>>> have this setup on my fedora 32:
>>>
>>> table ip raw {
>>> chain PREROUTING {
>>> type filter hook prerouting priority raw; policy accept;
>>
>> Could you try from the filter (0) priority instead ?
>>
>> type filter hook prerouting priority filter; policy
>> accept;
>>
>> Thanks.
>>
>
