Re: nft newbie

To: "debian-user Mailing List" <debian-user@lists.debian.org>
Subject: Re: nft newbie
From: "Gareth Evans" <donotspam@fastmail.fm>
Date: Tue, 12 Jul 2022 00:26:44 +0100
Message-id: <[🔎] a43601d6-03af-4298-ac3e-2664fbf2051a@www.fastmail.com>
In-reply-to: <[🔎] bec39705-8557-4b35-9ee2-08da5d22fef1@www.fastmail.com>
References: <[🔎] d47bc2b6-cc49-6d08-d422-3495f3a59028@shentel.net> <[🔎] YsYmBc2GwEcsWr5X@eskimo.com> <[🔎] CAFMGiz-YLj4=RoAg62j98J9Wdzc0eRVbVEj5OECY4w1iKHoZBQ@mail.gmail.com> <[🔎] 2ad1777d-17c7-f114-a976-a2bec857c29c@shentel.net> <[🔎] 3d2d2857-875c-4636-b102-a94f4c1a4121@www.fastmail.com> <[🔎] 83c9d108-51c8-4e17-a565-61ad041b9651@www.fastmail.com> <[🔎] alpine.DEB.2.20.2207091100050.16633@maria.rogerprice.org> <[🔎] bec39705-8557-4b35-9ee2-08da5d22fef1@www.fastmail.com>

On Sun 10 Jul 2022, at 06:25, Gareth Evans <donotspam@fastmail.fm> wrote:

> Thanks Roger, that also suggests "policy drop" in its nftables examples.

As someone on firewalld-users kindly pointed out, there is

> table inet firewalld {
>     chain filter_INPUT {
[...]
>         reject with icmpx admin-prohibited   <--- catch-all reject
>     }

which seems equivalent to ufw's qualified "policy drop".

Panic over.
G

Reply to:

Follow-Ups:
- Re: nft newbie
  - From: Maximiliano Estudies <maxiestudies@gmail.com>

References:
- nft newbie
  - From: gene heskett <gheskett@shentel.net>
- Re: nft newbie
  - From: Will Mengarini <seldon@eskimo.com>
- Re: nft newbie
  - From: Tom Browder <tom.browder@gmail.com>
- Re: nft newbie
  - From: gene heskett <gheskett@shentel.net>
- Re: nft newbie
  - From: "Gareth Evans" <donotspam@fastmail.fm>
- Re: nft newbie
  - From: "Gareth Evans" <donotspam@fastmail.fm>
- Re: nft newbie
  - From: Roger Price <debian@rogerprice.org>
- Re: nft newbie
  - From: "Gareth Evans" <donotspam@fastmail.fm>

Prev by Date: Re: Twice load - rndc.key ?
Next by Date: Re: Does Debian supports backticks in the Makefile?
Previous by thread: Re: nft newbie
Next by thread: Re: nft newbie
Index(es):
- Date
- Thread