Public bug reported:

OS: Ubuntu 20.04

nftables version 0.9.3-2 amd64

/etc/nftables.conf content:

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
        chain input {
                type filter hook input priority 0; policy drop;
                tcp dport 22 accept
                ct state established,related accept
        }
        chain forward {
                type filter hook forward priority 0; policy accept;
        }
        chain output {
                type filter hook output priority 0; policy accept;
        }
}


Expected behavior:
nftables should become stateful and thereby allow incoming packets after a 
connection is initiated by the host. This works on Debian 10 with nftables v 
0.9.0-2 amd64.

Actual behavior:
nftables does not become stateful and drops all incoming packets.

** Affects: nftables (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1888076

Title:
  nftables can't be statefull

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nftables/+bug/1888076/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
