[pkg-netfilter-team] Bug#956011: netfilter: pkttype broadcast cant be matched in OUTPUT chain (INPUT works)

Andrei POPESCU andreimpopescu at gmail.com
Mon Apr 6 07:59:10 BST 2020


Control: reassign -1 nftables

On Lu, 06 apr 20, 07:57:15, Simon H wrote:
> Package: netfilter
> Version: nftables
> Severity: important
> 
> Dear Maintainer,
> 
> *** Reporter, please consider answering these questions, where appropriate ***
> 
> I'm trying to filter broadcasts with netfilter in the output chain. Input is working with pkttype broadcast, but on output I get no matches. I tested that by using the destination addr 255.255.255.255 for catching broadcasts and that works. Basically I'm trying to allow DHCP communication (the broadcast part).
> 
> You can easily test this by inserting those rules directly at the top of the output chain, for example (on input it works).
> rule: nft add rule inet t1 c_output oifname ${zone_dev} meta pkttype { broadcast, multicast} counter goto ${zone_out}
> 
> *** End of the template - remove these template lines ***
> 
> 
> -- System Information:
> Debian Release: 10.3
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 4.19.0-8-amd64 (SMP w/4 CPU cores)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled

-- 
Looking after bugs filed against unknown packages
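
A side-by-side check of the behaviour reported above, as an added example that is not part of the original report or of the nftables project: each candidate match gets its own counter in the output hook so the rules can be compared on the same traffic. The table and chain names `t1` and `c_output` come from the report; the interface name, the body of `zone_out`, the rule comments and the `fib` rule are assumptions added here.

```nftables
# Added diagnostic ruleset, not from the bug report. Load with: nft -f <file>
# Read the counters afterwards with: nft list table inet t1

# Constructed value standing in for ${zone_dev} from the report.
define zone_dev = "eth0"

table inet t1 {
    # Hypothetical per-zone chain: allow only DHCP client traffic (UDP 68 -> 67).
    chain zone_out {
        udp sport 68 udp dport 67 counter accept
    }

    chain c_output {
        type filter hook output priority 0; policy accept;

        # 1. The match from the report. The reporter sees no matches here
        #    in the output hook, although the same match works on input.
        oifname $zone_dev meta pkttype { broadcast, multicast } counter comment "pkttype"

        # 2. The reporter's workaround: match the limited-broadcast address.
        #    Covers 255.255.255.255 only, not subnet-directed broadcasts.
        oifname $zone_dev ip daddr 255.255.255.255 counter comment "daddr-limited-bcast"

        # 3. Not in the report: classify the destination by address type
        #    via the routing table instead of the packet type.
        oifname $zone_dev fib daddr type { broadcast, multicast } counter comment "fib-type"

        # Dispatch using the match the reporter confirmed to work.
        oifname $zone_dev ip daddr 255.255.255.255 goto zone_out
    }
}
```

Trigger a DHCP renewal on the interface, then compare the three counters: a rule whose counter stays at zero while the others increase is not matching the outgoing broadcast.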