Gentoo's Bugzilla – Attachment 746115 Details for Bug 819456: net-firewall/nftables starts but configuration broken
output of nft list ruleset after boot/ startup
nft_startup (text/plain), 1.77 KB, created by onkobu on 2021-10-22 10:29:31 UTC
table inet firewall {
	chain inbound_ipv4 {
		icmp type echo-request limit rate 5/second accept
	}

	chain inbound_ipv6 {
		icmpv6 type { nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
		icmpv6 type echo-request limit rate 5/second accept
	}

	chain inbound {
		type filter hook input priority filter; policy drop;
		ct state vmap { invalid : drop, established : accept, related : accept }
		tcp flags syn / fin,syn,rst,ack ct state new counter packets 58 bytes 3960 drop
		iifname "lo" accept
		meta protocol vmap { ip : jump inbound_ipv4, ip6 : jump inbound_ipv6 }
		tcp dport { 22, 80, 443, 8000, 8200, 8883 } accept
		meta l4proto { tcp, udp } th dport 53 counter packets 21 bytes 1401 accept comment "accept DNS"
		udp dport 1900 meta pkttype multicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
		meta l4proto igmp meta nfproto ipv4 ip daddr 224.0.0.0/24 accept comment "accept IGMP"
		meta l4proto igmp meta nfproto ipv4 ip daddr 239.255.255.250 accept comment "accept IGMP digital radio"
		log prefix "[nftables] Inbound Denied: " counter packets 2 bytes 108 drop
	}

	chain forward {
		type filter hook forward priority filter; policy drop;
	}
}
table netdev filter {
	set blocklist_v4 {
		type ipv4_addr
		flags interval
		elements = { 10.0.0.0/8, 169.254.0.0/16,
			     172.16.0.0/12 }
	}

	chain ingress {
		type filter hook ingress device "enp8s0" priority -500; policy accept;
		ip frag-off & 8191 != 0 counter packets 0 bytes 0 drop
		ip saddr @blocklist_v4 counter packets 0 bytes 0 drop
		tcp flags fin,syn,rst,psh,ack,urg / fin,syn,rst,psh,ack,urg counter packets 0 bytes 0 drop
		tcp flags ! fin,syn,rst,psh,ack,urg counter packets 0 bytes 0 drop
		tcp flags syn tcp option maxseg size 1-535 counter packets 0 bytes 0 drop
	}
}