Subj : gentoo profile 17 :=)
To   : Maurice Kinal
From : Benny Pedersen
Date : Mon Dec 04 2017 12:54:50

Hello Maurice!

04 Dec 2017 06:08, Maurice Kinal wrote to Nicholas Boel:

 MK> 4.13.x kernels are better than 4.12.x kernels methinks, but both are
 MK> EOL. However 4.13.16 is definitely better than 4.9.x kernels, which is
 MK> the latest longterm kernel, or at least the last one I compared
 MK> 4.13.16 to which was 4.9.65.

so let's help me getting nftables to work :=)

----- ipv4-filter begins -----
#! /sbin/nft -f

table filter {
    chain input {
        type filter hook input priority 0;
        ct state established accept
        ct state related accept
        meta iif lo accept
        tcp dport ssh counter packets 0 bytes 0 accept
        tcp dport binkp counter packets 0 bytes 0 accept
        tcp dport tfido counter packets 0 bytes 0 accept
        tcp dport fido counter packets 0 bytes 0 accept
        counter packets 5 bytes 5 log drop
    }

    chain forward {
        type filter hook forward priority 0;
    }

    chain output {
        type filter hook output priority 0;
        ct state established accept
        ct state related accept
        meta iif lo accept
        ct state new counter packets 0 bytes 0 accept
    }
}
----- ipv4-filter ends -----

i don't know if it works or not :( current is not enabled yet, can someone help me make it better ? or even working ? :=)

one error i have with it is that tfido is an unknown service to nft ?

Regards Benny

.... there can only be one way of life, and it works :)
--- Msged/LNX 6.2.0 (Linux/4.14.3-gentoo (i686))
 * Origin: I will always keep a PC running CPM 3.0 (2:230/0)
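
A check for two things in the ruleset above that cannot work as written: a service name that does not resolve, and an iif match on the output hook, where no input interface exists. This is an added example, not part of the original message; the ruleset copy and the services data (assumed to lack a tfido entry) are constructed.

```python
import re

# Constructed copy of the posted ruleset, cut down to the lines the checks read.
RULESET = """
table filter {
    chain input {
        type filter hook input priority 0;
        meta iif lo accept
        tcp dport binkp counter packets 0 bytes 0 accept
        tcp dport tfido counter packets 0 bytes 0 accept
    }
    chain output {
        type filter hook output priority 0;
        meta iif lo accept
    }
}
"""

# Assumption: services data without a tfido entry (constructed, not read from a host).
SERVICES = "ssh 22/tcp\nbinkp 24554/tcp\nfido 60179/tcp\n"

def known_services(text):
    """Return the tcp service names and aliases in /etc/services-style text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) >= 2 and fields[1].endswith("/tcp"):
            names.update([fields[0]] + fields[2:])
    return names

def lint(ruleset, services_text):
    """Return (chain, message) pairs for rules that cannot work as written."""
    known, chain, hook, findings = known_services(services_text), None, None, []
    for line in map(str.strip, ruleset.splitlines()):
        if m := re.match(r"chain (\S+)", line):
            chain, hook = m.group(1), None
        elif m := re.match(r"type \S+ hook (\S+)", line):
            hook = m.group(1)
        elif chain:
            m = re.search(r"\btcp dport ([a-z][\w-]*)", line)
            if m and m.group(1) not in known:
                findings.append((chain, f"service name {m.group(1)!r} not in services data"))
            if hook == "output" and re.search(r"\biif(name)?\b", line):
                findings.append((chain, "iif never matches on the output hook; use oif"))
    return findings

if __name__ == "__main__":
    for chain, message in lint(RULESET, SERVICES):
        print(f"chain {chain}: {message}")
```

Writing the port as a number in the rule, or adding the missing name to the services data, clears the first finding.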