Daniel <tech@xxxxxxxxxx> wrote:
>
> On 14/08/2020 at 13:36, Reindl Harald wrote:
> >
> > On 14.08.20 at 13:21, Daniel wrote:
> > > On 14/08/2020 at 13:07, Pablo Neira Ayuso wrote:
> > > > On Thu, Aug 13, 2020 at 12:28:34PM +0000, Andreas Hoefler wrote:
> > > > > Hi
> > > > >
> > > > > I have a chain with default policy drop.
> > > > > I would like to first have the default policy set to accept, then add
> > > > > rules and later change it to drop.
> > > > > Is this possible?
> > > > For the record:
> > > >
> > > > nft add chain x y { policy accept\; }
> > > >
> > > > Assuming an existing basechain 'y'. The backslash (\) before the
> > > > semicolon is there in case of invoking this from bash.
> > > From bash, how do you set a priority led by - like priority -150 \; We
> > > always get invalid option
> > >
> > > dh@peech:~$ sudo nft add chain ip6 mangle output { type nat hook
> > > prerouting priority -350 \; policy accept \; }
> > > nft: invalid option -- '3'
> > because you don't escape - with \-
> I already tested by escaping the - sign, same error
> > doesn't nft understand quoted params?
> >
> > nft add chain ip6 mangle output "{ type nat hook prerouting priority
> > -350 ; policy accept ; }"
> Not working either
>
> dh@peech:~$ sudo nft add chain ip6 mangle prerouting "{ type nat hook
> prerouting priority -350 ; policy accept ; }"
> Error: Could not process rule: Operation not supported
> add chain ip6 mangle prerouting { type nat hook prerouting priority -350;
> policy accept; }

Historic artifact, try a value larger than -200, e.g. -199.

I've sent a patch to zap this outdated check.