search for: filter_in_public_allow

...> #!/bin/sh > > # Syntax: $0 SRC_IP PORT > > NFT="/usr/sbin/nft" > SET="fwkn" > # Note that we are ignoring everything from the accepted fwknop > # requests except the src IP and tgt port to be allowed ... > > PREP=`$NFT list chain inet firewalld filter_IN_public_allow | grep -c "@${SET}_$2"` > > if [ $PREP -eq 0 ]; then > $NFT add set inet firewalld "${SET}_$2" '{ type ipv4_addr ; timeout 30s ; size 32 ; }' > $NFT add rule inet firewalld filter_IN_public_allow ip saddr "@${SET}_$2" tcp dport &quo...

...set larcs4 { type ipv4_addr flags interval elements = { ..., 82.152.159.40, 82.152.159.41, ... } } The membership of the ipset are used to allow access to 5071/tcp chain filter_IN_public_allow { ip saddr @larcs4 tcp dport 5071 ct state { new, untracked } accept } In this scenario, packets from the earlier IP are accepted, however, packets from the latter IP are rejected. 15:15:58.658139 IP 82.152.159.41.48327 > 51.195.193.238.5071: Flags [S], seq 3108250724,...