Hello
I want to add this Nftables rule to my input chain:
nft add rule ip filter input ct count over 2 reject with tcp reset
But when I write this command in bash, it doesn’t return: it hangs.
This only happens when I write the “ct count …” option.
What’s going on?
My kernel is 5.5.9-200.fc31.x86_64 and the nftables package version is the latest available in the official repository: 0.9.1
Thanks!!
Well, currently the state is worse: the same rule now gives me this error:
“Error: Could not process rule: No such file or directory”, marking “ct counter 2” as the badly written part of the rule. What’s going on??
My kernel is 5.16.14-200.fc35.x86_64 and the nftables package version is the latest available in the official repository: v1.0.0
Thanks!
Can you post the rule you’re trying to add/is causing you issues?
edit: my apologies, I missed it in the first post.
Yes, it is:
nft add rule inet filter input ct count over 2 log
nft list ruleset shows my current configuration (which is clean):
table inet filter {
    chain input {
        type filter hook input priority filter; policy accept;
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
    }
    chain output {
        type filter hook output priority filter; policy accept;
    }
}
Thanks!