Phil Sutter <[email protected]> wrote:
> Hi,
> 
> This is about tests/shell/testcases/nft-f/0008split_tables_0, which adds
> the following simple ruleset:
> 
> | table inet filter {
> |         chain ssh {
> |                 type filter hook input priority 0; policy accept;
> |                 tcp dport ssh accept;
> |         }
> | }
> | 
> | table inet filter {
> |         chain input {
> |                 type filter hook input priority 1; policy drop;
> |         }
> | }
> 
> If applied, it kills my SSH connection. :(

Yes, that's expected.
First ssh base chain gets invoked, which accepts any packet
either by verdict or policy.

Then next base chain gets consulted which drops the packet.

I would suggest to either swap the policies or duplicate the ssh
rule into the input chain too.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
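A ruleset that keeps the SSH exemption while still dropping everything else, written out here as an added example of the reply's second suggestion (duplicating the ssh rule into the drop chain); it is not part of the original thread or of the test case. Chain names, hook and priorities are taken from Phil's ruleset; the comments describing traversal order restate the reply.

```nft
# Added example, not from the thread. Both base chains attach to the
# input hook, so the kernel runs them in priority order: "ssh" (0)
# first, then "input" (1). An accept in a base chain only ends that
# chain; the packet is still handed to the next base chain on the
# same hook, where "policy drop" discards it. A drop is final.
# The drop chain therefore needs its own ssh accept.

table inet filter {
        chain ssh {
                type filter hook input priority 0; policy accept;
                tcp dport ssh accept
        }
}

# Declaring the same table a second time extends it rather than
# replacing it, which is what the "split tables" layout relies on.
table inet filter {
        chain input {
                type filter hook input priority 1; policy drop;
                # Duplicate of the rule in "ssh": without it the packet
                # accepted above is dropped here and the session dies.
                tcp dport ssh accept
        }
}
```

Load it with `nft -c -f <file>` first to check syntax without touching the live ruleset, then `nft -f <file>` from a session you can afford to lose. The alternative from the reply, swapping the policies so the priority-0 chain drops and the priority-1 chain accepts, has the opposite problem: the first chain's drop is final, so the SSH accept has to sit in the chain that runs first.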