Now I deleted the "ct state invalid" line.
When I check "conntrack -L" I get:
Code:
tcp 6 299 ESTABLISHED src=10.13.3.15 dst=10.13.17.13 sport=22 dport=52920 src=10.13.17.13 dst=10.13.3.15 sport=52920 dport=22 [ASSURED] mark=0 use=1
tcp 6 431116 ESTABLISHED src=10.13.3.15 dst=10.13.17.13 sport=22 dport=52927 src=10.13.17.13 dst=10.13.3.15 sport=52927 dport=22 [ASSURED] mark=0 use=1
These are my SSH connections, both marked ESTABLISHED, but in nftables the packets are ignored in the ct-state line for established and related packets.
Is there any way to log why the packets are marked as invalid in nftables?
The nftables log function did not give me any usable information.
Statistics: Posted by smhrambo — Wed Jul 24, 2024 9:09 am