
new to nft

From François Patte <francois.patte@mi.parisdescartes.fr>
Newsgroups linux.debian.maint.firewall
Subject new to nft
Date 2021-01-13 17:50 +0100
Message-ID <BwRvj-618-1@gated-at.bofh.it> (permalink)
Organization Université Paris Descartes


Hello,

I have begun to use nftables and wrote these rules:
	chain input { # handle 1
		type filter hook input priority 0; policy drop;
		ct state established,related accept # handle 4
		ip saddr 192.168.1.0/24 accept # handle 5
		ip6 saddr fe80::/10 accept # handle 6
		ct state invalid drop # handle 7
		iifname "lo" accept # handle 8
		tcp dport 22222 accept # handle 9
		log # handle 10
	}

I expect to block all traffic from anywhere except on the local network 
(192.168.1.0/24)

Is "fe80::/10" the ipv6 corresponding syntax for ipv4 192.168.1.0/24?

I also expect to accept connections from the internet to port 22222.

The last line "log" is (for me) supposed to log all dropped packets, am 
I right?

For this last line, logwatch reports "logged packets on interface".
logwatch with iptables reports "drop packets on the interface".

Are these packets dropped or only logged?

Thank you for your explanations.

Regards.

-- 
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte
FSF
https://www.fsf.org/blogs/community/presenting-shoetool-happy-holidays-from-the-fsf
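
An added illustration of how the posted chain is evaluated, not part of the
thread or of nft itself: in nftables, rules in a chain are tried in order,
accept and drop are terminal verdicts, log is a non-terminal statement, and a
packet that reaches the end of a base chain without a terminal verdict gets
the chain policy. The toy model below encodes the posted chain rule for rule
(with the handles shown in the post), runs a handful of constructed packets
through it, and puts a reordered variant beside it in which ct state invalid
is checked before any accept and the last rule is an explicit log-and-drop
(the reordered handles and the sample addresses are assumptions, chosen from
the documentation ranges). Note that fe80::/10 is the IPv6 link-local range,
the counterpart of 169.254.0.0/16, so a global IPv6 source is among the
samples to show it does not match that rule.

```python
"""Toy model of nftables first-match evaluation, applied to the chain
from the post.  Constructed example, not nft itself: each rule is
(handle, match-function, statements); 'accept' and 'drop' are terminal
verdicts, 'log' is a non-terminal statement, and a packet that reaches
the end of a base chain gets the chain policy.
"""
import ipaddress


def in_net(cidr):
    net = ipaddress.ip_network(cidr)

    def match(pkt):
        addr = ipaddress.ip_address(pkt["saddr"])
        # 'ip saddr' / 'ip6 saddr' never match a packet of the other family
        return addr.version == net.version and addr in net
    return match


def ct_state(*states):
    return lambda pkt: pkt.get("ct") in states


def tcp_dport(port):
    return lambda pkt: pkt.get("proto") == "tcp" and pkt.get("dport") == port


def iifname(name):
    return lambda pkt: pkt.get("iif") == name


def always(pkt):
    return True


TERMINAL = {"accept", "drop"}

# The posted chain, rule for rule, with the handles shown in the post.
POSTED = {"policy": "drop", "rules": [
    (4, ct_state("established", "related"), ["accept"]),
    (5, in_net("192.168.1.0/24"), ["accept"]),
    (6, in_net("fe80::/10"), ["accept"]),
    (7, ct_state("invalid"), ["drop"]),
    (8, iifname("lo"), ["accept"]),
    (9, tcp_dport(22222), ["accept"]),
    (10, always, ["log"]),             # non-terminal: falls through to policy
]}

# Same intent, reordered so 'ct state invalid' is checked before any
# accept, and with an explicit log-and-drop as the last rule.  Handles
# are hypothetical; in nft syntax the last rule is
# 'log prefix "input-drop: " drop'.
REORDERED = {"policy": "drop", "rules": [
    (1, ct_state("invalid"), ["drop"]),
    (2, ct_state("established", "related"), ["accept"]),
    (3, iifname("lo"), ["accept"]),
    (4, in_net("192.168.1.0/24"), ["accept"]),
    (5, in_net("fe80::/10"), ["accept"]),
    (6, tcp_dport(22222), ["accept"]),
    (7, always, ["log", "drop"]),
]}


def evaluate(chain, pkt):
    """Return (verdict, logged, handle); handle is None when the chain
    policy decided, i.e. no rule issued a terminal verdict."""
    logged = False
    for handle, match, stmts in chain["rules"]:
        if not match(pkt):
            continue
        for stmt in stmts:
            if stmt == "log":
                logged = True           # logging does not end evaluation
            elif stmt in TERMINAL:
                return stmt, logged, handle
    return chain["policy"], logged, None


# Constructed sample packets (documentation/test addresses only).
SAMPLES = {
    "lan_new_http":       {"saddr": "192.168.1.10", "proto": "tcp", "dport": 80, "ct": "new"},
    "lan_invalid":        {"saddr": "192.168.1.10", "proto": "tcp", "dport": 80, "ct": "invalid"},
    "internet_new_22222": {"saddr": "203.0.113.5", "proto": "tcp", "dport": 22222, "ct": "new"},
    "internet_new_80":    {"saddr": "203.0.113.5", "proto": "tcp", "dport": 80, "ct": "new"},
    "v6_linklocal":       {"saddr": "fe80::1", "proto": "tcp", "dport": 80, "ct": "new"},
    "v6_global_new_80":   {"saddr": "2001:db8::1", "proto": "tcp", "dport": 80, "ct": "new"},
    "loopback_dns":       {"saddr": "127.0.0.1", "iif": "lo", "proto": "udp", "dport": 53, "ct": "new"},
}


def run_all(chain):
    return {name: evaluate(chain, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, chain in (("posted", POSTED), ("reordered", REORDERED)):
        print(f"--- {label} chain ---")
        for name, (verdict, logged, handle) in run_all(chain).items():
            where = f"rule handle {handle}" if handle else "chain policy"
            print(f"{name:20} {verdict:6} logged={logged!s:5} by {where}")
```

Two things the run makes visible: with the posted order, a packet from the
internet to port 80 is logged by handle 10 and then dropped by the chain
policy, not by the log rule, whereas an invalid packet from 192.168.1.0/24 is
accepted by handle 5 before handle 7 ever sees it; the reordered chain drops
it, and its final rule both logs and drops in one step.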

Thread

new to nft François Patte <francois.patte@mi.parisdescartes.fr> - 2021-01-13 17:50 +0100
  Re: new to nft Pascal Hambourg <pascal@plouf.fr.eu.org> - 2021-01-13 20:20 +0100
  new to nft Dennis Filder <d.filder@web.de> - 2021-01-13 23:00 +0100