You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Rule 1 is correctly generated. There is no raw/forward, it acts on any packet reaching the network card (after flowtable offload which is at even lower level)
You can set one bit in mark then extract it in following rule
or better you can put your fragments renamed from generated names in /etc/nftables.d/???.nft (see fw4 print for re-usable zone name variables)
In my case , i want to remove connection tracking on DNS on my local network only .
I added 2 rules
extract of
/etc/config/firewall
rule A
is too wide , because capture packet in forward modecurrent nft ruleset
the rule in
raw_prerouting
must be something like thisrule B
does not generate nft ruleso firewall4 must generate a block like this
The text was updated successfully, but these errors were encountered: