I have begun to use nftables and wrote these rules:
    chain input { # handle 1
       type filter hook input priority 0; policy drop;
       ct state established,related accept # handle 4
       ip saddr 192.168.1.0/24 accept # handle 5
       ip6 saddr fe80::/10 accept # handle 6
       ct state invalid drop # handle 7
       iifname "lo" accept # handle 8
       tcp dport 22222 accept # handle 9
       log # handle 10
    }
I expect to block all traffic from anywhere except on the local network (192.168.1.0/24)
Is "fe80::/10" the IPv6 syntax corresponding to IPv4 192.168.1.0/24?
I expect to accept connections from the internet to port 22222, too.
The last line "log" is (for me) supposed to log all dropped packets, am I right?
For this last line, logwatch reports "logged packets on interface".
logwatch with iptables reports "drop packets on the interface".
Are these packets dropped or only logged?
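For a reader arriving at this thread: the ruleset below is an added example, not the original poster's rules and not something verified on their machine. It makes explicit what the posted chain leaves implicit: `log` is a non-terminating statement, so a packet that reaches it is logged and then keeps traversing the chain; with no later rule it falls through to `policy drop` and is discarded. Logging and dropping in one rule, with a prefix, states that intent in the kernel log. The `fd00::/8` line is an assumed placeholder for a site's own ULA prefix; `fe80::/10` is link-local only and is not the IPv6 counterpart of 192.168.1.0/24.

```nft
#!/usr/sbin/nft -f
# Added example ruleset (not the original poster's rules).
# Check syntax without loading:  nft -c -f thisfile
# Load (this replaces ALL existing tables because of "flush ruleset"):  nft -f thisfile

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Loopback first: nothing below should ever apply to it.
        iif "lo" accept

        # Discard invalid conntrack entries before accepting established flows,
        # otherwise "established,related accept" is evaluated first and the
        # invalid check never sees those packets.
        ct state invalid drop
        ct state established,related accept

        # IPv4 LAN.
        ip saddr 192.168.1.0/24 accept

        # fe80::/10 is the link-local range (neighbor discovery, router
        # advertisements). Keeping it is fine, but it is not the LAN's prefix.
        ip6 saddr fe80::/10 accept
        # Assumed placeholder for the site's ULA (or delegated GUA) prefix;
        # replace with the real one.
        ip6 saddr fd00::/8 accept

        # Service that must stay reachable from the internet.
        tcp dport 22222 accept

        # Everything else: count, log with a recognisable prefix, AND drop in the
        # same rule. Without the explicit "drop" the packet would still be
        # dropped by the chain policy, because "log" does not terminate the
        # chain; the explicit verdict makes that obvious and greppable.
        counter log prefix "nft-input-drop: " drop
    }
}
```

Logged packets show up in the kernel log (`journalctl -k` or `dmesg`) with that prefix, which is what logwatch and grep key on, and `nft list ruleset` shows the `counter` climbing alongside them, so a log line and a dropped packet can be matched one to one.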