toml <toml@xxxxxxx> wrote:
> (I'm so sorry... my previous post is in failed format... please ignore)
>
> Hello @ all
>
> I'm still struggling anymore with the new syntax at
> ApplicationLayerGateway/FTP and testing with smallest steps. In doing
> so I have now come across the following effect. I have 2 test-rules
> here, both of which I expected to completely block any outgoing
> traffic.
>
> But as you can see from the second example in the counter, only here is
> blocked. The first example has no effect at all, everything works as if
> it was not blocked.
>
> # nft list ruleset
> table ip filter {
>     chain output {
>         type filter hook output priority 0; policy drop;
>         meta pkttype { 0, 1, 2 } accep

What do you expect that line to do?

This accepts all packets, so all trailing rules are bypassed
and chain policy has no effect.