Hello,
I added this rule to allow established connections:
nft add rule inet filter input ct state established,related accept
When the input policy is "accept" I can go on the internet.
But as soon as I set up the policy to "drop" I can't.
sudo nft add chain inet filter input '{ policy drop; }'
The policy normally applies when no rules are matched, so I don't understand why.
Here is my ruleset:
nicolas@localhost:~/Desktop$ sudo nft list ruleset
Code:
table inet filter {
	chain input {
		type filter hook input priority filter; policy drop;
		ct state established,related accept
	}
	chain forward {
		type filter hook forward priority filter; policy accept;
	}
	chain output {
		type filter hook output priority filter; policy accept;
	}
}
Thanks
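An added example, not part of the original post: with the input chain listed above, every packet that conntrack sees as new falls through to `policy drop`, and that includes traffic the host sends to itself over loopback and ICMPv6 neighbor discovery. The ruleset below keeps the poster's rule and adds accepts for those two cases plus a counter on whatever still falls through; that this machine relies on a loopback service (for example a local DNS stub resolver) or on IPv6 is an assumption, since the post does not say.

```nft
#!/usr/sbin/nft -f
# Added example, not the poster's configuration.
# Start from an empty ruleset so reloading the file does not duplicate rules.
flush ruleset

table inet filter {
	chain input {
		type filter hook input priority filter; policy drop;

		# Replies to connections this host opened (the rule from the post).
		ct state established,related accept

		# Packets conntrack cannot associate with any flow.
		ct state invalid drop

		# Locally generated traffic to local services arrives on "lo" and
		# passes the input hook as ct state new, so it needs its own accept.
		# Assumption: something on this host (e.g. a DNS stub resolver)
		# listens on loopback.
		iif "lo" accept

		# IPv6 neighbor discovery and router advertisements are not part of
		# an established flow; without them IPv6 connectivity stops working.
		icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

		# Everything reaching this point is dropped by the chain policy.
		# The counter shows whether packets are still being lost here.
		counter comment "about to hit policy drop"
	}

	chain forward {
		type filter hook forward priority filter; policy accept;
	}

	chain output {
		type filter hook output priority filter; policy accept;
	}
}
```

If the counter in `nft list ruleset` keeps rising while browsing fails, adding `log prefix "input-drop: "` before it shows which packets are involved.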