Dear all,
I have the problem that my firewall closes all ports when I try to use more than one table in nftables.
As long as I use only one table, everything works fine. I can log in via SSH over all 3 networks.
```
flush ruleset
add table ip filter
add chain ip filter input { type filter hook input priority 0 ; policy drop ; }
add chain ip filter forward { type filter hook forward priority 0 ; policy drop ; }
add chain ip filter output { type filter hook output priority 0 ; policy accept ; }
add chain ip filter detailrules
add rule ip filter input ct state related,established accept
add rule ip filter input ct state invalid log drop
add rule ip filter input iif lo accept
add rule ip filter input ip protocol icmp accept
add rule ip filter input jump detailrules
add rule ip filter input log prefix "Blocked Traffic IPV4 "
add rule ip filter detailrules ip saddr 192.168.0.0/24 tcp dport 22 accept
add rule ip filter detailrules ip saddr 192.168.56.0/24 tcp dport 22 accept
add rule ip filter detailrules ip saddr 192.168.100.0/24 tcp dport 22 accept
```
But when I try to use a second table for one of the networks, the firewall blocks all ports.
```
flush ruleset
add table ip filter
add chain ip filter input { type filter hook input priority 0 ; policy drop ; }
add chain ip filter forward { type filter hook forward priority 0 ; policy drop ; }
add chain ip filter output { type filter hook output priority 0 ; policy accept ; }
add chain ip filter detailrules
add rule ip filter input ct state related,established accept
add rule ip filter input ct state invalid log drop
add rule ip filter input iif lo accept
add rule ip filter input ip protocol icmp accept
add rule ip filter input jump detailrules
add rule ip filter input log prefix "Blocked Traffic IPV4 "
add rule ip filter detailrules ip saddr 192.168.0.0/24 tcp dport 22 accept
add rule ip filter detailrules ip saddr 192.168.56.0/24 tcp dport 22 accept
add table ip hrz
add chain ip hrz input_hrz { type filter hook input priority 20 ; policy drop ; }
add rule ip hrz input_hrz ip protocol icmp accept
add rule ip hrz input_hrz ct state related,established accept
add rule ip hrz input_hrz ip saddr 192.168.100.0/24 tcp dport 22 accept
```
Does anyone have an idea where my mistake or misunderstanding is?
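The behaviour comes from how nftables evaluates several base chains on the same hook: every chain hooked on `input` sees each packet in priority order (here `filter` at 0, then `hrz` at 20), `accept` ends only the current chain, and `drop` (including a chain's drop policy) ends the packet. A packet therefore has to be accepted by both chains, and each chain's drop policy discards the traffic the other table had accepted. The ruleset below is an added example, not from the original post, that keeps the two-table layout but makes each table explicitly accept the traffic the other one is responsible for; it assumes `filter` keeps deciding for 192.168.0.0/24 and 192.168.56.0/24 and `hrz` decides for 192.168.100.0/24.

```nft
# Added example (not the poster's own ruleset): two tables on the input hook,
# each accepting what the other table is meant to decide.
flush ruleset

add table ip filter
add chain ip filter input { type filter hook input priority 0 ; policy drop ; }
add chain ip filter forward { type filter hook forward priority 0 ; policy drop ; }
add chain ip filter output { type filter hook output priority 0 ; policy accept ; }
add chain ip filter detailrules
add rule ip filter input ct state related,established accept
add rule ip filter input ct state invalid log drop
add rule ip filter input iif lo accept
add rule ip filter input ip protocol icmp accept
# Hand 192.168.100.0/24 over to the hrz table: accept it here so this chain's
# drop policy does not end the packet before the hrz chain (priority 20) runs.
add rule ip filter input ip saddr 192.168.100.0/24 accept
add rule ip filter input jump detailrules
add rule ip filter input log prefix "Blocked Traffic IPV4 "
add rule ip filter detailrules ip saddr 192.168.0.0/24 tcp dport 22 accept
add rule ip filter detailrules ip saddr 192.168.56.0/24 tcp dport 22 accept

add table ip hrz
add chain ip hrz input_hrz { type filter hook input priority 20 ; policy drop ; }
# Anything not from 192.168.100.0/24 (including loopback) was already judged by
# the filter table; accept it so this chain's drop policy does not override it.
add rule ip hrz input_hrz ip saddr != 192.168.100.0/24 accept
add rule ip hrz input_hrz ip protocol icmp accept
add rule ip hrz input_hrz ct state related,established accept
add rule ip hrz input_hrz ip saddr 192.168.100.0/24 tcp dport 22 accept
# Everything else from 192.168.100.0/24 is logged and then hits policy drop.
add rule ip hrz input_hrz log prefix "Blocked Traffic hrz "
```

Load it with `nft -f <file>` and confirm with `nft list ruleset` that both input chains are present; the same accept-in-both-chains rule applies to any further table you hook on `input`.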
Firewall blocks when using two tables in nftables