Re: nft newbie

To: debian-user@lists.debian.org
Subject: Re: nft newbie
From: "Gareth Evans" <donotspam@fastmail.fm>
Date: Sat, 09 Jul 2022 08:13:11 +0100
Message-id: <[🔎] 83c9d108-51c8-4e17-a565-61ad041b9651@www.fastmail.com>
In-reply-to: <[🔎] 3d2d2857-875c-4636-b102-a94f4c1a4121@www.fastmail.com>
References: <[🔎] d47bc2b6-cc49-6d08-d422-3495f3a59028@shentel.net> <[🔎] YsYmBc2GwEcsWr5X@eskimo.com> <[🔎] CAFMGiz-YLj4=RoAg62j98J9Wdzc0eRVbVEj5OECY4w1iKHoZBQ@mail.gmail.com> <[🔎] 2ad1777d-17c7-f114-a976-a2bec857c29c@shentel.net> <[🔎] 3d2d2857-875c-4636-b102-a94f4c1a4121@www.fastmail.com>

On Sat  9 Jul 2022, at 07:17, Gareth Evans <donotspam@fastmail.fm> wrote:
[...]
> If there is no drop by default, why add "policy accept" for 
> related/established as it does?  Doesn't this happen anyway?

I suppose this probably modifies behaviour for otherwise closed ports (which would make sense for a firewall!) but I can't find much of a high-level overview in documentation - man nft, wiki.

I would still be grateful for thoughts from experienced nft users if any issues seem to arise from the lack of qualified "policy drop" in input.  Also for any good nft/netfilter overview articles etc.

Thanks,
Gareth

Reply to:

Follow-Ups:
- Re: nft newbie
  - From: Roger Price <debian@rogerprice.org>

References:
- nft newbie
  - From: gene heskett <gheskett@shentel.net>
- Re: nft newbie
  - From: Will Mengarini <seldon@eskimo.com>
- Re: nft newbie
  - From: Tom Browder <tom.browder@gmail.com>
- Re: nft newbie
  - From: gene heskett <gheskett@shentel.net>
- Re: nft newbie
  - From: "Gareth Evans" <donotspam@fastmail.fm>

Prev by Date: Re: nft newbie
Next by Date: Re: nft newbie
Previous by thread: Re: nft newbie
Next by thread: Re: nft newbie
Index(es):
- Date
- Thread