
new to nft



Bonjour,

I begin to use nftables and wrote these rules:
	chain input { # handle 1
		type filter hook input priority 0; policy drop;
		ct state established,related accept # handle 4
		ip saddr 192.168.1.0/24 accept # handle 5
		ip6 saddr fe80::/10 accept # handle 6
		ct state invalid drop # handle 7
		iifname "lo" accept # handle 8
		tcp dport 22222 accept # handle 9
		log # handle 10
	}

I expect to block all traffic from anywhere except on the local network (192.168.1.0/24)

Is "fe80::/10" the ipv6 corresponding syntax for ipv4 192.168.1.0/24?

I expect to accept connections from the internet to port 22222 too.

The last line "log" is (for me) supposed to log all dropped packets, am I right?

For this last line, logwatch reports "logged packets on interface".
logwatch with iptables reports "drop packets on the interface"

Are these packets dropped or only logged?

Thank you for your explanations.

Regards.

--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte
FSF
https://www.fsf.org/blogs/community/presenting-shoetool-happy-holidays-from-the-fsf
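As an added example (not part of the original post or its author's ruleset), the same input chain rewritten so that the fate of unmatched packets is explicit: in nftables a bare `log` statement is non-terminal, so a packet that reaches it is logged, falls off the end of the chain and is only then dropped by the chain policy. The table name, the log prefix, and the placement of `ct state invalid drop` ahead of the source-address accepts are choices made here, not taken from the post; fe80::/10 is the IPv6 link-local range, not a general equivalent of a private IPv4 LAN prefix.

```nft
# Added example ruleset (assumed table name "filter", inet family so that
# ip and ip6 matches live in one chain). Load with: nft -f <file>
table inet filter {
	chain input {
		type filter hook input priority 0; policy drop;

		# Loopback first, before any other decision.
		iif "lo" accept

		# Drop invalid conntrack states before any accept keyed on source
		# address, so a malformed packet carrying a LAN source address is
		# not accepted by the rules below. The counter makes hits visible.
		ct state invalid counter drop

		# Replies to connections this host initiated.
		ct state established,related accept

		# Local network. fe80::/10 is link-local only (on-link neighbours);
		# the site's own IPv6 prefix would be the analogue of 192.168.1.0/24.
		ip saddr 192.168.1.0/24 accept
		ip6 saddr fe80::/10 accept

		# Service reachable from anywhere (port taken from the question).
		tcp dport 22222 accept

		# Everything else: count it, log it with a recognisable prefix, and
		# drop it explicitly instead of relying on the implicit policy drop.
		counter log prefix "nft-input-drop: " drop
	}
}
```

After loading, `nft list chain inet filter input` shows the per-rule counters, and the "nft-input-drop: " prefix lets logwatch or a syslog filter distinguish these entries from other kernel log lines.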
