Hi,
in the nft wiki is recommended to add an extra chain to do the
tracing. Why is that the case?
Does anything speak against inserting an nftrace rule before the rule
I need to trace in the chain?
e.g
If I have this chain:
table inet example_table {
chain example_chain {
type filter hook input priority filter; policy drop;
tcp dport ssh accept
}
}
would do this:
table inet example_table {
chain example_chain {
type filter hook input priority filter; policy drop;
tcp dport ssh meta nftrace set 1 <implicit continue>
tcp dport ssh accept
}
}
