List: firewalld-users
Subject: Re: Info on nft rules created by firewalld
From: Eric Garver <egarver () redhat ! com>
Date: 2020-07-20 12:03:14
Message-ID: 20200720120314.y3ijjofj7uyfewts () egarver
On Sun, Jul 19, 2020 at 11:24:56AM +0200, Andrea Pasquinucci wrote:
> Hi,
> I am learning how to use firewalld with nft on Fedora 32.
> I have 2 simple questions:
>
> 1. Is it possible to show counters of packets/bytes for
> tables/chains/rules as it was for iptables?
> I did not find anything about this in firewalld.
No. By default nft doesn't use counters - this is for performance. There
is an RFE out there for firewalld to allow counters. However, nft offers
proper tracing. See "monitor" in the nft man page.
> 2. I am confused by the use of jump and goto in the rules
> created by firewalld: for example in the rules below (generated
> by firewalld on one of my PCs) in the chain filter_INPUT_ZONES
> there are 'goto' whereas in the other chains there are 'jump',
To understand the difference between "goto" and "jump" see the nft man
page. They have the same meaning as "-g" and "-j" in iptables.
> so what happens to a ct-new packet that matches 'iifname "eno1"' but not
> 'tcp dport 22'?
> Does it end up at 'policy accept' or at 'reject with icmpx type admin-prohibited'
> or where?
"reject with icmpx type admin-prohibited"
_______________________________________________
firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org
To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org
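The jump/goto question above, worked through as an added example (not from the thread, and not firewalld's real ruleset): a toy model of nftables verdict semantics. A jump pushes a resume frame so the calling chain continues afterwards; a goto does not, so when the zone chain runs out of rules control falls back to filter_INPUT, whose final rule is the reject Eric names. The chain layout (filter_INPUT, filter_INPUT_ZONES, an assumed filter_IN_public) and the packets are a constructed, simplified sketch.

```python
from collections import namedtuple
Rule = namedtuple("Rule", "match verdict")  # (predicate over packet dict, verdict)
ANY = lambda _pkt: True

def evaluate(chains, base, policy, pkt):
    """Return (verdict, chains visited). A jump pushes a resume frame for the
    calling chain; a goto does not, so when the target chain runs out of rules
    control returns to whoever jumped to the chain that issued the goto."""
    stack, trace = [(base, 0)], []           # frames: (chain, next rule index)
    while stack:
        chain, idx = stack.pop()
        trace.append(chain)
        rules = chains[chain]
        while idx < len(rules):
            match, verdict = rules[idx]
            idx += 1
            if not match(pkt):
                continue
            action, _, target = verdict.partition(" ")
            if action == "jump":
                stack.append((chain, idx))   # come back to this chain later
            if action in ("jump", "goto"):
                stack.append((target, 0))
                break
            return verdict, trace            # accept / drop / reject
    return policy, trace                     # fell off the base chain
# Assumed, simplified sketch of the chain layout firewalld generates; the real
# ruleset has more rules and per-zone sub-chains.
RULESET = {
    "filter_INPUT": [
        Rule(lambda p: p["ct"] == "established", "accept"),
        Rule(ANY, "jump filter_INPUT_ZONES"),
        Rule(ANY, "reject with icmpx type admin-prohibited"),
    ],
    "filter_INPUT_ZONES": [
        Rule(lambda p: p["iifname"] == "eno1", "goto filter_IN_public"),
        Rule(ANY, "goto filter_IN_public"),  # default-zone fallback
    ],
    "filter_IN_public": [Rule(lambda p: p.get("tcp_dport") == 22, "accept")],
}

def verdict_for(pkt, ruleset=RULESET):
    return evaluate(ruleset, "filter_INPUT", "accept", pkt)

def goto_as_jump(ruleset):  # same ruleset with every goto rewritten as jump
    return {c: [Rule(m, v.replace("goto ", "jump ", 1)) for m, v in rs]
            for c, rs in ruleset.items()}
# Constructed sample packets: ct-new TCP arriving on eno1.
SSH_NEW = {"ct": "new", "iifname": "eno1", "tcp_dport": 22}
WEB_NEW = {"ct": "new", "iifname": "eno1", "tcp_dport": 8080}
```

Running WEB_NEW through goto_as_jump(RULESET) shows why firewalld uses goto: with jump, the fallback rule in filter_INPUT_ZONES also fires and the zone chain is evaluated twice before the same reject is reached.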