Why does adding a counter queue to my Netfilter chain break my VM?

1 vote
1 answer
273 views
I'm configuring Netfilter Tables to queue packets to and from the userspace, and the table configuration I have so far looks like:
table inet filter {

        # protocols to allow
        set allowed_protocols {
                type inet_proto
                elements = { icmp, icmpv6 }
        }

        # interfaces to accept any traffic on
        set allowed_interfaces {
                type ifname
                elements = { "lo" }
        }

        # services to allow
        set allowed_tcp_dports {
                type inet_service
                elements = { ssh, 9090 }
        }

        # this chain gathers all accept conditions
        chain allow {
                ct state established,related accept

                meta l4proto @allowed_protocols accept
                iifname @allowed_interfaces accept
                tcp dport @allowed_tcp_dports accept
        }

        # base-chain for traffic to this host
        chain INPUT {
                type filter hook input priority filter + 20
                policy accept

                jump allow
                reject with icmpx type port-unreachable
        }

        chain input {
                type filter hook input priority 0;
        }

        chain forward {
                type filter hook forward priority 0;
        }

        chain output {
                type filter hook output priority 0;
        }
}
So far, this seems to load fine with nft -f. However, when I run either of these commands...
nft add inet filter input counter queue num 0
or
nft add inet filter output counter queue num 1
...my VM completely stops responding to input, and when I terminate the connection and vagrant reload, I'm told my VM has to be forcefully shut down before it can reboot. Any help on how I can properly configure these queues would be appreciated!

OS: Linux fedora 5.19.8-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Sep 8 19:02:21 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Vagrant: Vagrant 2.3.0
Asked by wwillfred (23 rep)
Sep 21, 2022, 05:20 PM
Last activity: Sep 27, 2022, 08:11 AM
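
Added example, not part of the original post: a rule that queues to a number with no userspace program bound to it makes the kernel drop every matching packet, unless the rule carries the bypass flag. The sketch below reads text in the format of /proc/net/netfilter/nfnetlink_queue and classifies queue rules accordingly; the sample proc line, the third rule and all function names are constructed for illustration, and only single-queue rules are handled.

```python
import re

# Constructed sample of /proc/net/netfilter/nfnetlink_queue: one listener on queue 1.
# Columns: queue_num peer_portid queue_total copy_mode copy_range
#          queue_dropped user_dropped id_sequence 1
SAMPLE_PROC = "    1   4242     0 2 65531     0     0        0  1\n"

# The two rules from the question, plus a constructed variant with the bypass flag.
SAMPLE_RULES = [
    "inet filter input counter queue num 0",
    "inet filter output counter queue num 1",
    "inet filter input counter queue num 0 bypass",
]

QUEUE_RE = re.compile(r"\bqueue\b(?P<args>.*)$")


def bound_queues(proc_text):
    """Return the set of queue numbers that have a userspace listener bound."""
    queues = set()
    for line in proc_text.splitlines():
        fields = line.split()
        if len(fields) == 9 and fields[0].isdigit():
            queues.add(int(fields[0]))
    return queues


def parse_queue_rule(rule):
    """Return (queue_num, has_bypass) for a single-queue rule, or None."""
    m = QUEUE_RE.search(rule)
    if not m:
        return None
    args = m.group("args")
    num = re.search(r"\b(?:num|to)\s+(\d+)\b", args)
    # nft uses queue 0 when no number is given.
    return (int(num.group(1)) if num else 0, bool(re.search(r"\bbypass\b", args)))


def audit(rules, proc_text):
    """Map each queue rule to 'delivered' (a listener decides the verdict),
    'bypassed' (no listener, packet continues) or 'dropped' (no listener)."""
    bound = bound_queues(proc_text)
    report = {}
    for rule in rules:
        parsed = parse_queue_rule(rule)
        if parsed is None:
            continue
        num, bypass = parsed
        report[rule] = "delivered" if num in bound else ("bypassed" if bypass else "dropped")
    return report


if __name__ == "__main__":
    for rule, verdict in audit(SAMPLE_RULES, SAMPLE_PROC).items():
        print(f"{verdict:9}  {rule}")
```

On a live host, pass the contents of /proc/net/netfilter/nfnetlink_queue as proc_text; an empty file means no program is listening on any queue.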