drop time exceeded icmp for nfqws-related connections

2025-05-24 22:32:58 +03:00 · 2025-05-04 18:15:33 +03:00
parent 9629ce5cb7
commit 3ca682e25a
6 changed files with 62 additions and 8 deletions
--- a/docs/nftables.txt
+++ b/docs/nftables.txt
@@ -26,7 +26,6 @@ nft add rule inet ztest post meta mark and 0x40000000 == 0 udp dport 443 ct orig
 sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 
 nft add chain inet ztest pre "{type filter hook prerouting priority filter;}"
 nft add rule inet ztest pre tcp sport "{80,443}" ct reply packets 1-3 queue num 200 bypass
-nft add rule inet ztest pre udp sport 443 ct reply packets 1 queue num 200 bypass


 show rules   : nft list table inet ztest