What do these nftables rules do?

SpongeB0B

Hi everyone,
In my nft ruleset I've created (this is an extract):

Code:
table ip Tip {
    chain chIN {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif != lo ip daddr 127.0.0.1/8 drop
        iifname lo accept
    }
    chain chOUT {
        type filter hook output priority 0; policy drop;
        udp dport 53 accept
        tcp dport { 80, 443 } accept
        ct state established,related accept
        # output hook: only the outgoing interface is set, so iifname never matches here
        oifname lo accept
    }
}
So quite tight rules.

But I have installed a piece of software that additionally adds these rules after mine:
Code:
table inet mangle {
    chain output {
        type route hook output priority mangle; policy accept;
        ct state related,new queue num 0 bypass
    }
}
table inet filter {
    chain input {
        type filter hook input priority filter; policy accept;
        udp sport 53 queue num 0 bypass
    }
}

Since the policy is set to accept, I guess it opens up ALL traffic on inet (IPv4 & IPv6) regardless of my rules? Right?
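Added example, not part of the original post and not nftables code: a small Python model of how the kernel walks the base chains registered on one netfilter hook, run against the four chains quoted above. It encodes only the rules that matter for the question: every base chain on a hook is walked in ascending priority order (`mangle` is -150, `filter` is 0), `accept` ends the current chain but the packet still enters the next chain on the same hook, `drop` is final, a chain's policy applies only when the packet falls off the end of that chain, and a table of family `ip` sees IPv4 only while `inet` sees IPv4 and IPv6. Assumptions: no userspace program is bound to queue 0, so `queue num 0 bypass` lets the packet through like `accept`; chains with equal priority run in registration order; the loopback rule in chOUT is modelled on the outgoing interface; the sample packets and the `build_ruleset`/`hook_verdict`/`demo` helpers are made up for this illustration.

```python
"""Simplified model of netfilter walking nftables base chains on one hook.

Added example, not code from the original post or from nftables itself.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable

PRIO = {"mangle": -150, "filter": 0}   # standard nftables priority names


@dataclass
class Rule:
    match: Callable[[dict], bool]
    verdict: str                        # "accept", "drop" or "queue-bypass"


@dataclass
class BaseChain:
    name: str                           # "table/chain", used in the trace
    family: str                         # "ip" (IPv4 only) or "inet" (IPv4 + IPv6)
    hook: str                           # "input" or "output"
    priority: int
    policy: str                         # verdict when no rule matched
    rules: list = field(default_factory=list)


def walk_chain(chain: BaseChain, pkt: dict) -> str:
    """Verdict of one chain: first matching rule, else the chain policy."""
    for rule in chain.rules:
        if rule.match(pkt):
            # Assumption: nothing is bound to queue 0, so `queue ... bypass`
            # lets the packet through exactly like `accept` would.
            return "accept" if rule.verdict == "queue-bypass" else rule.verdict
    return chain.policy


def hook_verdict(ruleset: list, hook: str, pkt: dict):
    """Walk every base chain on `hook` that applies to the packet's family.

    Returns (final_verdict, trace). `drop` anywhere ends the walk; `accept`
    only ends the current chain, the next base chain on the hook still runs.
    """
    chains = [c for c in ruleset
              if c.hook == hook and c.family in ("inet", pkt["family"])]
    trace = []
    # Lower priority values run first. sorted() is stable, so chains with
    # equal priority keep registration order (kernel behaviour, but not a
    # documented guarantee, so never rely on it for correctness).
    for chain in sorted(chains, key=lambda c: c.priority):
        verdict = walk_chain(chain, pkt)
        trace.append((chain.name, verdict))
        if verdict == "drop":
            return "drop", trace        # later chains never see the packet
    return "accept", trace


LOOPBACK_V4 = ipaddress.ip_network("127.0.0.0/8")


def in_loopback(addr: str) -> bool:
    return ipaddress.ip_address(addr) in LOOPBACK_V4


def build_ruleset() -> list:
    """The poster's `ip Tip` chains plus the two `inet` chains the software added."""
    ch_in = BaseChain("Tip/chIN", "ip", "input", PRIO["filter"], "drop", [
        Rule(lambda p: p["ct"] in ("established", "related"), "accept"),
        Rule(lambda p: p["iif"] != "lo" and in_loopback(p["daddr"]), "drop"),
        Rule(lambda p: p["iif"] == "lo", "accept"),
    ])
    # Loopback rule modelled on the outgoing interface: the output hook
    # never has an input interface set.
    ch_out = BaseChain("Tip/chOUT", "ip", "output", PRIO["filter"], "drop", [
        Rule(lambda p: p["proto"] == "udp" and p["dport"] == 53, "accept"),
        Rule(lambda p: p["proto"] == "tcp" and p["dport"] in (80, 443), "accept"),
        Rule(lambda p: p["ct"] in ("established", "related"), "accept"),
        Rule(lambda p: p["oif"] == "lo", "accept"),
    ])
    mangle_out = BaseChain("mangle/output", "inet", "output", PRIO["mangle"], "accept", [
        Rule(lambda p: p["ct"] in ("related", "new"), "queue-bypass"),
    ])
    filter_in = BaseChain("filter/input", "inet", "input", PRIO["filter"], "accept", [
        Rule(lambda p: p["proto"] == "udp" and p["sport"] == 53, "queue-bypass"),
    ])
    return [ch_in, ch_out, mangle_out, filter_in]


def packet(family="ip", proto="tcp", sport=40000, dport=443, ct="new",
           iif="eth0", oif="eth0", daddr="192.0.2.10") -> dict:
    """Constructed sample packet, not captured traffic."""
    return dict(family=family, proto=proto, sport=sport, dport=dport,
                ct=ct, iif=iif, oif=oif, daddr=daddr)


def demo() -> dict:
    rs = build_ruleset()
    cases = {
        "ipv4 inbound new ssh":    ("input",  packet(dport=22)),
        "ipv4 inbound dns reply":  ("input",  packet(proto="udp", sport=53, dport=40000, ct="established")),
        "ipv4 outbound new https": ("output", packet(dport=443)),
        "ipv4 outbound new ssh":   ("output", packet(dport=22)),
        "ipv6 inbound new ssh":    ("input",  packet(family="ip6", dport=22, daddr="2001:db8::10")),
    }
    return {name: hook_verdict(rs, hook, pkt) for name, (hook, pkt) in cases.items()}


if __name__ == "__main__":
    for name, (verdict, trace) in demo().items():
        print(f"{name:26s} -> {verdict:6s} via {trace}")
```

Reading the trace for each packet: the `policy accept` of `inet filter input` never rescues an inbound IPv4 SSH SYN, because `Tip/chIN` drops it first and a drop is final; the DNS reply is accepted by `Tip/chIN` and then still walked through `inet filter input`, where the queue with bypass lets it through; on the output hook the `mangle` chain runs before `chOUT` (priority -150 before 0) and an outbound SSH SYN still dies on `chOUT`'s drop policy. The one place the model shows the added tables changing the outcome is IPv6: the `ip Tip` table never applied to IPv6, so for IPv6 the `inet filter input` chain with `policy accept` is the only thing on the input hook.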