[Bug 1700] Flowtable - Bug on devices definition

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Aug 22 19:55:27 CEST 2023


https://bugzilla.netfilter.org/show_bug.cgi?id=1700

--- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> ---
1) Your ruleset determines what flows are added to the flowtable. Below, your
ruleset adds entries to the flowtable for UDP packets coming in from eth1 and
eth2.
2) The devices you specify in the flowtable declaration determine where the
flowtable hooks in the pipeline for lookups; in the example below, it registers
a hook for devices eth1 and eth2 in the ingress hook at priority 0.

The ruleset should be:

table ip vyos_filter {
    flowtable ft_test {
        hook ingress priority filter
        devices = { eth1, eth2 }
    }

    chain VYOS_FORWARD_filter {
        type filter hook forward priority filter; policy accept;
        iifname { "eth1", "eth2" } ip protocol udp counter flow add @ft_test
        meta l4proto { tcp, udp } counter accept comment "FWD-filter-10"
    }
}

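The two points in the comment (rules decide which flows are added, the devices list decides where lookups hook) imply a simple consistency check: every interface a `flow add` rule matches on should also be in the flowtable's devices list. The script below is an added example, not part of the bug report or of nftables; it parses a constructed ruleset in the shape of the one above (with a deliberate `eth3` mismatch) and reports interfaces whose flows are added but never looked up.

```python
import re

# Constructed sample ruleset, in the shape of the one in the comment above.
# The flowtable hooks eth1 and eth2, but one rule also adds flows from eth3,
# so eth3 traffic gets flowtable entries that are never looked up on ingress.
RULESET = """
table ip vyos_filter {
    flowtable ft_test {
        hook ingress priority filter
        devices = { eth1, eth2 }
    }

    chain VYOS_FORWARD_filter {
        type filter hook forward priority filter; policy accept;
        iifname { "eth1", "eth3" } ip protocol udp counter flow add @ft_test
        meta l4proto { tcp, udp } counter accept comment "FWD-filter-10"
    }
}
"""

# Minimal patterns for this ruleset shape (not a full nft parser).
FLOWTABLE_RE = re.compile(
    r"flowtable\s+(\w+)\s*\{.*?devices\s*=\s*\{([^}]*)\}", re.S)
FLOW_ADD_RE = re.compile(
    r"^\s*iifname\s+(?:\{([^}]*)\}|(\S+))\s.*?flow\s+add\s+@(\w+)", re.M)

def flowtable_devices(ruleset):
    """Map flowtable name -> set of devices it hooks (where lookups happen)."""
    return {name: {d.strip().strip('"') for d in devs.split(",") if d.strip()}
            for name, devs in FLOWTABLE_RE.findall(ruleset)}

def flow_add_interfaces(ruleset):
    """Map flowtable name -> set of iifname values in rules that add flows."""
    out = {}
    for group, single, table in FLOW_ADD_RE.findall(ruleset):
        names = group.split(",") if group else [single]
        out.setdefault(table, set()).update(n.strip().strip('"') for n in names)
    return out

def find_missing_devices(ruleset):
    """Interfaces that rules offload from but the flowtable does not hook."""
    devs = flowtable_devices(ruleset)
    missing = {}
    for table, ifaces in flow_add_interfaces(ruleset).items():
        gap = ifaces - devs.get(table, set())
        if gap:
            missing[table] = gap
    return missing  # for RULESET: {'ft_test': {'eth3'}}
```

Running `find_missing_devices` over a ruleset exported with `nft list ruleset` gives the same report; an empty dict means every offloading rule's interface is also a hooked device.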