Hi, I have a script that adds an input filter rule whenever invoked. My default configuration accepts `ct state established,related`. The goal is to allow only one packet of `ip saddr {CLIENT_IP} ip daddr {SERVER_IP} tcp dport 2022 ct state new` (and any other packets related to that one or established from that one therefore), and not match subsequent packets satisfying those matchers and `ct state new`.
I have tried `ip saddr {CLIENT_IP} ip daddr {SERVER_IP} tcp dport 2022 ct state new counter ct original packets < 1 accept` but it seems that the `counter` or `ct original packets < 1` don't really do anything. The script adds the rule to the `inet filter` table's `input` chain. Can anyone correct my rule? Thanks!