Re: nftables: origin sport after dstnat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Aaron Fischer <mail@xxxxxxxxxxxxxxxxx> wrote:
>     chain FORWARD {
>         type filter hook forward priority filter
>         policy drop
>         ct original proto-src 8448 accept

You need to prepend the l4 protocol that needs to be matched.

meta l4proto tcp ct original proto-src 8448 accept

> Why is 8448 an "invalid" type?

Because nft can't infer it from the available info.
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux