In nftables, why is port 443 traffic blocked only for non-web traffic?
I need to accept traffic on port 443, but nftables is currently accepting some traffic and blocking others, with no way to discern why.
Drop policy applied for the established connection despite: ct state established,related accept
I add this rule to allow established connection:
Netfilter (nft) metadata on packets from bridge interfaces
I am trying to set up a filtering bridge that makes some decisions on what to forward, and what to allow in (filter chain) based on which physical interface a packet came in on. How I thought this worked was that the bridge model in the kernel would attach the input interface (which could be physical, but I think could also be vlan1234@eth0) as metadata. I then thought I could use ‘meta iffname’ to set rules up like this:
nftables: MAC address bitwise match
I want to mark tcp/udp packets which have a source MAC address with the locally administered bit.