Hello, everyone. I have a weird problem! This is my nft code: ``` nft add counter filter test-icmp-output nft add counter filter test-icmp-input nft add rule filter OUTPUT meta cgroup != 0x001000 ip daddr 8.8.8.8 ip protocol icmp counter name test-icmp-output nft add rule filter INPUT meta cgroup != 0x001000 ip saddr 8.8.8.8 ip protocol icmp counter name test-icmp-input ``` Pinging 8.8.8.8 works. The packets are visible on tcpdump too. The cgroup id 0x001000 does not exist, so every packet should match. Still, the output counter counts the expected number of packets, the second stays 0. What am I doing wrong? -- Your sincerely, Vladimir Nikishkin (MiEr, lockywolf) (Laptop)
