[nftables] Multiple reject withs in a single rule

Hello,

I am running nftables v0.9.8 and am aiming to create a single
rejection rule which specifies multiple rejection types for different
protocols.

Something like: "reject with tcp reset with icmpx type admin-prohibited".

However when I've tried this, nftables throws an error:
    Error: syntax error, unexpected with, expecting end of file or newline or semicolon
    add rule inet filter output reject with tcp reset with icmpx type admin-prohibited
                                                      ^^^^ (under the second with)

    Error: Statement after terminal statement has no effect
    add rule inet filter output reject with tcp reset reject with icmpx type admin-prohibited
                                ~~~~~~ (under first reject)
                                                      ^^^^^^ (under the second reject)


I am currently using two rules which cover TCP, ICMP and anything
else, but would be better as a single rule:
    add rule inet filter output meta l4proto tcp reject with tcp reset
    add rule inet filter output reject with icmpx type admin-prohibited

But this would be better as a single rule, as the duplicate similar
rules create complexity and duplication.

Is there a way to specify multiple rejection types in a single nftables rule?

Kind regards,
Edward



