[Bug 966] iptables can't change or drop or any effect on scapy packet!

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sat Aug 5 02:33:44 CEST 2023


https://bugzilla.netfilter.org/show_bug.cgi?id=966

Phil Sutter <phil at nwl.cc> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |phil at nwl.cc
         Resolution|---                         |INVALID

--- Comment #1 from Phil Sutter <phil at nwl.cc> ---
As per the one reply on stackexchange, raw sockets will bypass iptables.

Using nftables with its egress hook solves the problem, though:

table netdev t {
    chain c {
        type filter hook egress device "eth0" priority filter;
        udp dport 53 counter drop
    }
}

This snippet works in dropping any UDP packets sent via eth0 with destination
port 53, even when using a raw socket.

-- 
You are receiving this mail because:
You are watching all bug changes.
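
Added example, not part of the comment above and not netfilter project code: a small audit check that reads a ruleset in the JSON shape printed by `nft -j list ruleset` and reports whether a drop for a given protocol and port sits in a netdev egress chain on the device, the placement the comment says also covers raw-socket traffic. The function names and the sample rulesets are constructed for illustration; it assumes single-port equality matches only and does not model rule ordering.

```python
def sample_ruleset(family, hook, dev=None):
    """Constructed sample shaped like `nft -j list ruleset` output."""
    chain = {"family": family, "table": "t", "name": "c", "type": "filter",
             "hook": hook, "prio": 0, "policy": "accept"}
    if dev:
        chain["dev"] = dev
    rule = {"family": family, "table": "t", "chain": "c", "expr": [
        {"match": {"op": "==",
                   "left": {"payload": {"protocol": "udp", "field": "dport"}},
                   "right": 53}},
        {"counter": {"packets": 0, "bytes": 0}},
        {"drop": None}]}
    return {"nftables": [{"table": {"family": family, "name": "t"}},
                         {"chain": chain}, {"rule": rule}]}


def _on_device(chain, device):
    # Assumption: "dev" is a string for one device, a list for several.
    devs = chain.get("dev") or []
    return device in ([devs] if isinstance(devs, str) else devs)


def egress_drop_covers(ruleset, device, proto, dport):
    """True if a netdev egress chain on `device` drops proto/dport traffic.

    Simplified: ignores sets, ranges, extra matches in the same rule and
    earlier rules in the chain that could accept the packet first.
    """
    objs = ruleset.get("nftables", [])
    chains = {(c["table"], c["name"])
              for c in (o["chain"] for o in objs if "chain" in o)
              if c.get("family") == "netdev" and c.get("hook") == "egress"
              and _on_device(c, device)}
    want = {"payload": {"protocol": proto, "field": "dport"}}
    for r in (o["rule"] for o in objs if "rule" in o):
        if r.get("family") != "netdev" or (r["table"], r["chain"]) not in chains:
            continue
        matched = False
        for e in r.get("expr", []):
            m = e.get("match")
            if m and m.get("op") == "==" and m.get("left") == want \
                    and m.get("right") == dport:
                matched = True
            elif "drop" in e and matched:
                return True
    return False
```

On a live host the input would be the parsed output of `nft -j list ruleset`; a result of False for a port that is only dropped in an output-hook chain marks a rule that raw-socket senders are not subject to.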