Hi Pablo,
On Sun, Aug 27, 2023 at 4:11 PM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> On Fri, Aug 25, 2023 at 04:06:54PM -0500, Matt Zagrabelny wrote:
> > Greetings netfilter,
> >
> > I have a question about the location of a "counter" statement.
> >
> > I see from the wiki [0] that placing a counter for the default policy
> > comes *after* the policy:
>
> Wiki example does not refer to the default policy.
Ahh. Now I see. Thanks for the clarification.
Is there a way to count the packets that get evaluated by the default
policy of a chain?
I know I can put a counter after all my rules, but it seems like it
would be nicer to somehow integrate it into:
chain IN {
type filter hook input priority filter; policy drop;
for example:
chain IN {
type filter hook input priority filter; policy counter drop;
...but the above fails.
Thanks for any help!
-m
