Hello Maurice!
04 Dec 2017 06:08, Maurice Kinal wrote to Nicholas Boel:
MK> 4.13.x kernels are better than 4.12.x kernels methinks, but both are
MK> EOL. However 4.13.16 is definitely better than 4.9.x kernels, which is
MK> the latest longterm kernel, or at least the last one I compared
MK> 4.13.16 to which was 4.9.65.
So let's help me get nftables to work :=)
----- ipv4-filter begins -----
#! /sbin/nft -f
table filter {
    chain input {
        type filter hook input priority 0;
        ct state established accept
        ct state related accept
        meta iif lo accept
        tcp dport ssh counter packets 0 bytes 0 accept
        tcp dport binkp counter packets 0 bytes 0 accept
        tcp dport tfido counter packets 0 bytes 0 accept
        tcp dport fido counter packets 0 bytes 0 accept
        counter packets 5 bytes 5 log drop
    }
    chain forward { type filter hook forward priority 0; }
    chain output {
        type filter hook output priority 0;
        ct state established accept
        ct state related accept
        meta iif lo accept
        ct state new counter packets 0 bytes 0 accept
    }
}
----- ipv4-filter ends -----
I don't know if it works or not :(
Currently it is not enabled yet, can someone help me make it better?
Or even working? :=)
One error I have with it is that tfido is an unknown service to nft?
Regards Benny
... there can only be one way of life, and it works :)
--- Msged/LNX 6.2.0 (Linux/4.14.3-gentoo (i686))
* Origin: I will always keep a PC running CPM 3.0 (2:230/0)
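
An added example, not part of the original message: a pre-load check that lists which symbolic `dport` names in the posted input chain resolve against a services database, on the assumption that nft takes service names from the system's services database (`/etc/services`). The services sample is constructed and leaves out `tfido` on purpose to mirror the reported error; the function names are hypothetical.

```python
import re

# Constructed sample in /etc/services format; "tfido" is deliberately
# absent so the check reproduces the error described in the post.
SAMPLE_SERVICES = """\
ssh             22/tcp                  # SSH Remote Login Protocol
ssh             22/udp
binkp           24554/tcp               # binkp fidonet protocol
fido            60179/tcp   ifcico      # fidonet EMSI over TCP
"""

# The four service rules copied from the input chain in the post.
RULESET = """\
tcp dport ssh counter packets 0 bytes 0 accept
tcp dport binkp counter packets 0 bytes 0 accept
tcp dport tfido counter packets 0 bytes 0 accept
tcp dport fido counter packets 0 bytes 0 accept
"""

def parse_services(text):
    """Map (name, proto) -> port, aliases included; comments are ignored."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if not port.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:
            table.setdefault((name, proto), int(port))
    return table

def check_dports(ruleset, services):
    """Return (resolved, unresolved) for each symbolic 'tcp|udp dport NAME'."""
    resolved, unresolved = {}, []
    # Names must start with a letter, so numeric ports are skipped.
    for proto, name in re.findall(r"\b(tcp|udp) dport ([A-Za-z][\w-]*)", ruleset):
        port = services.get((name, proto))
        if port is None:
            unresolved.append(name)
        else:
            resolved[name] = port
    return resolved, unresolved

if __name__ == "__main__":
    ok, missing = check_dports(RULESET, parse_services(SAMPLE_SERVICES))
    print("resolved:", ok)
    print("not in services database:", missing)
```

To run it against a real host, pass the contents of `/etc/services` and of the ruleset file to the two functions instead of the constructed samples.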