Control: reassign -1 nftables
On Lu, 06 apr 20, 07:57:15, Simon H wrote:
> Package: netfilter
> Version: nftables
> Severity: important
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
> im trying to filter broadcasts with netfilter in the output chain. input is
> workiing with pkttype broadcast, but on output i get no matches. i tested
> that by using the destination addr 255.255.255.255 for catching broadcasts
> and that works. basically im trying to allow DHCP communication (the
> broadcast part)
>
> you can easily test this by inserting those rules directly at the top of
> output chain f.e. (on input it works)
> rule: nft add rule inet t1 c_output oifname ${zone_dev} meta pkttype {
> broadcast, multicast} counter goto ${zone_out}
>
> *** End of the template - remove these template lines ***
>
>
> -- System Information:
> Debian Release: 10.3
> APT prefers stable-updates
> APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.19.0-8-amd64 (SMP w/4 CPU cores)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
> LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled-- Looking after bugs filled against unknown packages
signature.asc
Description: PGP signature
