On Mon, Oct 05, 2020 at 12:56:00PM +0000, ѽ҉ᶬḳ℠ wrote:
> I am trying to get a granular logging rule going, combining tcp and udp
> sports for ip6 saddr but somehow failing:
>
>
> tcp sport != { 80, 443, 993, 5228 } udp sport != 19302 ip6 saddr @g_6 log
> flags all prefix "G_C :" continue
>
> -> Error: conflicting protocols specified: tcp vs. udp
I suggest you express things is less convoluted ways, ie. positive
logic and default action to drop in your ruleset.
nft add rule ip6 x y meta l4proto . th dport { tcp . 80, tcp . 443, tcp . 993, tcp . 5228, udp . 19302 } ip6 saddr @y accept
You can set default policy in the chain to drop.
