Incomprehensible behavior

(I'm so sorry... my previous post was in a broken format... please ignore)

Hello @ all

I'm still struggling with the new syntax at
ApplicationLayerGateway/FTP and testing with the smallest steps. In doing
so I have now come across the following effect. I have 2 test rules
here, both of which I expected to completely block any outgoing
traffic.

But as you can see from the counter in the second example, only there is
the traffic blocked. The first example has no effect at all; everything
works as if it were not blocked.

# nft list ruleset
table ip filter {
  chain output {
    type filter hook output priority 0; policy drop;
    meta pkttype { 0, 1, 2 } accept
    counter packets 0 bytes 0 reject with icmp 13
  }
}

# nft list ruleset
table ip filter {
  chain output {
    type filter hook output priority 0; policy drop;
    meta pkttype { 1, 2 } accept
    counter packets 1858 bytes 165434 reject with icmp 13
  }
}

Is this the desired behavior, that a unicast accept virtually neutralizes
the complete filter? How do I deal with this problem?

Best Regards
Thomas
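A quick way to spot this pattern in a captured ruleset, as an added example that is not part of the post and not netfilter's own tooling: it parses `nft list ruleset` text, translates the numeric pkttype values the way nft names them (0 = host, 1 = broadcast, 2 = multicast, 3 = other; these are the kernel's PACKET_* constants) and flags an accept rule that covers host, i.e. ordinary unicast, which is why the reject counter in the first ruleset stays at zero. The two rulesets from the post are embedded as constructed sample input.

```python
import re

# Numeric pkttype values as nft prints them; they are the kernel's PACKET_*
# constants, so 0 is "host", i.e. ordinary unicast.
PKTTYPE_NAMES = {0: "host", 1: "broadcast", 2: "multicast", 3: "other"}

# Constructed sample input: the two rulesets from the post, as captured text.
RULESET_A = """\
table ip filter {
  chain output {
    type filter hook output priority 0; policy drop;
    meta pkttype { 0, 1, 2 } accept
    counter packets 0 bytes 0 reject with icmp 13
  }
}
"""
RULESET_B = RULESET_A.replace("{ 0, 1, 2 }", "{ 1, 2 }").replace(
    "packets 0 bytes 0", "packets 1858 bytes 165434")

def pkttype_accepts(ruleset: str) -> list[set[str]]:
    """Pkttype names matched by every 'meta pkttype { ... } accept' rule."""
    found = []
    for m in re.finditer(r"meta pkttype \{([^}]*)\} accept", ruleset):
        names = set()
        for tok in m.group(1).split(","):
            tok = tok.strip()
            # nft may print either the number or the symbolic name.
            names.add(PKTTYPE_NAMES[int(tok)] if tok.isdigit() else tok)
        found.append(names)
    return found

def counters(ruleset: str) -> list[tuple[int, int]]:
    """(packets, bytes) of every counter expression, in rule order."""
    return [(int(p), int(b))
            for p, b in re.findall(r"counter packets (\d+) bytes (\d+)", ruleset)]

def accept_shadows_rest(ruleset: str) -> bool:
    """True when an accept rule covers pkttype host: locally generated unicast
    is pkttype host, so in an output chain such a rule terminates evaluation for
    practically all traffic and the later reject/drop rules never see a packet."""
    return any("host" in names for names in pkttype_accepts(ruleset))

if __name__ == "__main__":
    for label, rs in (("A", RULESET_A), ("B", RULESET_B)):
        print(label, pkttype_accepts(rs), counters(rs),
              "accept shadows later rules" if accept_shadows_rest(rs) else "ok")
```

Run it against your own `nft list ruleset` output after a short traffic test: an accept covering host followed by a zero counter on the reject rule is the signature of the first ruleset above.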
