Hi

> Sent: Thursday, 06 May 2021 at 17:51
> From: "Pablo Neira Ayuso" <pablo@xxxxxxxxxxxxx>

> > > chain FORWARD {
> > >     type filter hook forward priority 0; policy drop;
> > >
> > >     tcp flags syn tcp option maxseg size set rt mtu
> > >     ct state vmap { established : jump FORWARD_established, related : jump FORWARD_established, new : jump FORWARD_new }

Tried this way, seems to work so far. I only have a problem removing my ruleset with iptables (I have this to reset my complete firewall, not only nft).

iptables -X
iptables v1.8.2 (nf_tables): CHAIN_USER_DEL failed (Device or resource busy): chain FORWARD_known

I guess iptables cannot delete the chain because it is linked by the ctstate vmap.

Any idea? Is the order of defined chains important? Maybe I can move the 2 new forward-chains below the old one with "ct state vmap".

Regards
Frank