search for: icmpx

...p filter map1 { type ipv4_addr : verdict ; policy performace ; } And indicate the expected size to assist the set selection routine: # nft add set filter set1 { type ipv4_addr ; size 1024 ; } * Complete reject support (available for ip, ip6 and inet since 3.14. bridge support and the icmpx abstraction since 3.18). # nft add rule filter input reject with icmp type host-unreachable and for IPv6: # nft add rule ip6 filter input reject with icmpv6 type no-route you can the ICMPx abstraction from the inet table: # nft add rule inet filter input reject with...

https://bugzilla.netfilter.org/show_bug.cgi?id=1777 Bug ID: 1777 Summary: Error: COMMAND_FAILED: 'python-nftables' failed Product: nftables Version: 1.0.x Hardware: arm OS: Debian GNU/Linux Status: NEW Severity: blocker Priority: P5 Component: kernel Assignee: pablo at

...t scripts doc: nft.8 Syslog level is introduced by "level" not "syslog-level" doc: nft.8 aim for consistent synopses throughout Florian Westphal (9): rule: fix netlink debug flag when listing table/rules tests: fix harmess typo in table name tests: icmpX: fix expected output tests: add test case that checks icmp6 in-ipv4 tests: nft removes required payload protocol expressions tests: enable ip/ip.t for bridge protocol, too tests: nft removes required inet dependency expressions ct: don't print newline if label bit...

...l4proto @allowed_protocols accept iifname @allowed_interfaces accept tcp dport @allowed_tcp_dports accept } chain input { type filter hook input priority filter + 10; policy accept jump allow reject with icmpx type port-unreachable } } which, at a first glance, worked like expected. But then I noticed that the virtual guest machine in LXD virtualization cannot resolve DNS queries anymore. The reason: LXD itself installs a ruleset like (again, just an excerpt to show the problem) table inet lx...