From: Arnaud <ar...@ai...> - 2020-04-20 12:25:37
Hi,

I wasn't able to run with nftables and "protocol = all". Sorry in advance if it has been discussed several times. I basically want f2b to ban on all ports and all protocols. The iptables & ipset equivalent looks like this:

    banaction = iptables-ipset-proto6-allports[actionstart_on_demand=false]
    port = all
    protocol = all

As you probably know, protocol = all doesn't fit with nftables. The only way I found to make it work until now is:

    action = %(banaction_allports)s[name=%(__name__)s-input-tcp, protocol=tcp, chain="input", actname=%(banaction_allports)s-input-tcp]
             %(banaction_allports)s[name=%(__name__)s-input-udp, protocol=udp, chain="input", actname=%(banaction_allports)s-input-udp]
             %(banaction_allports)s[name=%(__name__)s-input-icmp, protocol=icmp, chain="input", actname=%(banaction_allports)s-input-icmp]

which is clearly not optimised since 3 rules are created each time.

Do you have any suggestion?

Thanks in advance.

-- Arnaud
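As an added illustration, not from this thread and not fail2ban's own nftables action, here is a native nftables ruleset in which a single set-based rule per address family drops traffic from a banned source for every protocol, so each ban adds one set element rather than three per-protocol rules; the table, set and chain names are assumed.

```nft
# Assumed names: table "f2b-allports", sets "banned4"/"banned6", chain "input".
table inet f2b-allports {
    # Address sets with per-element timeouts, so a ban expires on its own.
    set banned4 {
        type ipv4_addr
        flags timeout
    }
    set banned6 {
        type ipv6_addr
        flags timeout
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # Match only on source address: no "meta l4proto" or port match,
        # so TCP, UDP, ICMP and anything else from a banned host is dropped.
        ip saddr @banned4 drop
        ip6 saddr @banned6 drop
    }
}

# Banning and unbanning then touch the set, not the rules, e.g.
# (constructed address from the documentation range 192.0.2.0/24):
#   nft add element inet f2b-allports banned4 { 192.0.2.10 timeout 10m }
#   nft delete element inet f2b-allports banned4 { 192.0.2.10 }
```

Load the ruleset with `nft -f <file>` and check the live set contents with `nft list set inet f2b-allports banned4` to confirm a ban is in place and when it expires.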