[Bug 1463] nft --json list ruleset crashes

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Wed Sep 9 21:18:18 CEST 2020


https://bugzilla.netfilter.org/show_bug.cgi?id=1463

--- Comment #5 from abrian at netapp.com ---
We do the configuration programmatically, some based on user-provided
configuration. Here are the commands that set up the rules in the example I
provided above:

iptables -A INPUT -p tcp --syn -m multiport --dports 8082,8083,8084,8085 -m connlimit --connlimit-above 20000 --connlimit-mask 0 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp --syn -m multiport --dports 18082,18083,18084,18085 -m connlimit --connlimit-above 10000 --connlimit-mask 0 -j REJECT --reject-with tcp-reset

ip6tables -A INPUT -p tcp --syn -m multiport --dports 8082,8083,8084,8085 -m connlimit --connlimit-above 20000 --connlimit-mask 0 -j REJECT --reject-with tcp-reset
ip6tables -A INPUT -p tcp --syn -m multiport --dports 18082,18083,18084,18085 -m connlimit --connlimit-above 10000 --connlimit-mask 0 -j REJECT --reject-with tcp-reset

Here are examples of the type of commands we use based on the user's
configuration:

iptables -t nat -A OUTPUT -o $IFACE -p $PROTO --dport $D_PORT -j DNAT --to-destination :$S_PORT

iptables -t nat -A PREROUTING -i $IFACE -p $PROTO --dport $S_PORT -j REDIRECT --to-port $D_PORT
