Unsuccessful adding policy to a regular chain


 



Hi Folks,

I'm trying to create a regular chain with a default drop policy and not getting anywhere. The wiki implies this can be done, but when I try:

 nft 'add chain ip myTable myChain { policy drop ;}'
  
I get back:

Error: Could not process rule: Operation not supported
add chain ip O365 O365WhiteList { policy drop ;}
                                  ^^^^^^^^^^^

(Those carets line up with the "policy drop" on my terminal. A table called myTable of the ip family exists already.)

So are policies actually supported on regular chains? If so, can you tell me what might be wrong with my nft invocation?

What I want to do is make a whitelist setup by having a base chain hooked to forward with a rule that jumps to my whitelist chain for packets coming in from one particular interface.
Then have the whitelist chain with a default drop policy and a set of rules defining which hosts and networks to accept for further forwarding.

Can anyone help me here?

nft --version returns: nftables v1.0.6 (Lester Gooch #5). All operations are being run as root on Debian 12.


Thanks,
           Robin.  
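
The whitelist layout described above, as an added example that is not part of the original post: in nftables only base chains (those with a hook) take a policy, so the regular chain gets its default-drop behaviour from a final drop rule. The interface name `eth1`, the set name `allowed_src`, the base chain name `forward` and the sample addresses are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example; chain, set and interface names are assumptions,
# and the addresses are constructed samples from documentation ranges.

table ip myTable {
    # Hosts and networks allowed to be forwarded from the restricted interface.
    set allowed_src {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.10, 198.51.100.0/24 }
    }

    # Base chain: attached to the forward hook, so it may carry a policy.
    chain forward {
        type filter hook forward priority filter; policy accept;

        # Only traffic arriving on the restricted interface is sent
        # through the whitelist chain.
        iifname "eth1" jump myChain
    }

    # Regular chain: no hook, so no "policy" statement is accepted here.
    chain myChain {
        # Listed sources are accepted; the verdict ends evaluation
        # in the calling base chain as well.
        ip saddr @allowed_src accept

        # Terminal rule standing in for "policy drop"; the counter shows
        # how many packets fell through the whitelist.
        counter drop
    }
}
```

Load it with `nft -f <file>` and check the result with `nft list table ip myTable`; replacing `accept` with `return` in `myChain` hands matching packets back to the remaining rules of the base chain instead of accepting them outright.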





