Displaying 1 result from an estimated 1 matches for "allowed_tcp_dports".
2024 Jul 13
2
[Bug 1758] New: Design flaw in chain traversal
...excerpt just to demonstrate the problem) was something like
table inet firewall {
      set allowed_interfaces {
          type ifname
          elements = { "lo" }
      }
      set allowed_protocols {
          type inet_proto
          elements = { icmp, icmpv6 }
      }
      set allowed_tcp_dports {
          type inet_service
          elements = { ssh }
      }
      chain allow {
            ct state     established,related accept
            meta l4proto @allowed_protocols  accept
            iifname      @allowed_interfaces accept
            tcp dport    @allowed_tcp_dports accept...