Hi everyone,
In my nft ruleset I've created (this is an extract) -->
Code:
table ip Tip {
	chain chIN {
		type filter hook input priority 0; policy drop;
		ct state established,related accept
		# drop anything addressed to loopback that did not arrive on lo
		iif != lo ip daddr 127.0.0.1/8 drop
		iifname lo accept
	}
	chain chOUT {
		type filter hook output priority 0; policy drop;
		udp dport 53 accept
		tcp dport { 80, 443 } accept
		ct state established,related accept
		# locally generated packets carry an output interface, not an input one
		oifname lo accept
	}
}
But I have installed some software that additionally adds these rules after mine:
Code:
table inet mangle {
	chain output {
		type route hook output priority mangle; policy accept;
		# hand new/related outbound connections to userspace queue 0
		ct state related,new queue num 0 bypass
	}
}
table inet filter {
	chain input {
		type filter hook input priority filter; policy accept;
		# DNS replies go to the same queue; bypass = accept if nobody listens
		udp sport 53 queue num 0 bypass
	}
}
Since the policy is set to accept, I guess it opens up ALL traffic on inet (IPv4 & IPv6) regardless of my rules? Right?
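As an added illustration (not code from the post), a small Python model of how netfilter combines the base chains registered on the same hook: an `accept` verdict finishes only the current chain, a `drop` ends evaluation for all chains, and a table of family `ip` never sees IPv6 packets. It assumes `priority filter` is the same as priority 0 and that nothing is listening on queue 0, so the `bypass` flag turns `queue` into accept.

```python
# Constructed model of nftables base-chain traversal; not the real nft engine.
# A rule is (predicate, verdict). "accept" ends this chain only, "drop" is final,
# "queue" hands the packet to userspace (with bypass: accept when no listener).
from dataclasses import dataclass, field

@dataclass
class Chain:
    family: str            # "ip" (IPv4 only) or "inet" (IPv4 and IPv6)
    priority: int
    policy: str            # verdict used when no rule matched
    rules: list = field(default_factory=list)

    def run(self, pkt):
        if self.family == "ip" and pkt["ipv"] != 4:
            return None    # an ip-family table is never consulted for IPv6
        for match, verdict in self.rules:
            if match(pkt):
                return verdict
        return self.policy

def hook_verdict(chains, pkt, queue_listener=False):
    """Traverse every base chain on one hook in priority order."""
    for ch in sorted(chains, key=lambda c: c.priority):
        v = ch.run(pkt)
        if v == "drop":
            return "drop"                   # drop is final, later chains never run
        if v == "queue" and not queue_listener:
            v = "accept"                    # "bypass": no listener -> accept
        # "accept" or None: packet continues to the next base chain on the hook
    return "accept"

# The two input chains from the post, reduced to the rules that matter here.
ch_in = Chain("ip", 0, "drop", [
    (lambda p: p["state"] in ("established", "related"), "accept"),
    (lambda p: p["iif"] == "lo", "accept"),
])
inet_input = Chain("inet", 0, "accept", [     # "priority filter" assumed == 0
    (lambda p: p["proto"] == "udp" and p["sport"] == 53, "queue"),
])
INPUT_HOOK = [ch_in, inet_input]

def new_ssh(ipv):
    """Constructed sample: a fresh inbound TCP/22 packet from eth0."""
    return {"ipv": ipv, "state": "new", "iif": "eth0",
            "proto": "tcp", "sport": 40000, "dport": 22}

if __name__ == "__main__":
    for ipv in (4, 6):
        print(f"new inbound ssh over IPv{ipv}:", hook_verdict(INPUT_HOOK, new_ssh(ipv)))
```

The IPv4 packet is still dropped by chIN despite the second table's `policy accept`, but the IPv6 packet is only ever seen by the inet table and is accepted, because the `ip` family table does not cover IPv6.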