
Discrepancy in nftables counters

Here is an edited nft ruleset that shows what appears to be a problem with the values in the packet counters. In the INPUT chain, the second rule's counter shows more packets than the first rule's counter. As far as I understand it, all of the packets that are evaluated by the second rule were also evaluated by the first rule, so the values should be identical. Where do the apparent extra packet counts come from? System: Linux Mint 22.1 Cinnamon, Intel® Core™ i5-2400 CPU, kernel 6.8.0-64-generic.
js@js-mint-22:~$ sudo nft list ruleset

# Warning: table ip filter is managed by iptables-nft, do not touch!
table ip filter {

    chain INPUT {
        type filter hook input priority filter; policy drop;
        # The two rules compared in the question. Neither has a match expression,
        # so each counter counts every packet that reaches that rule.
        # NOTE(review): nft counters are per rule and start from zero when the rule
        # is created; a rule inserted (or re-inserted) later than its neighbours will
        # show a lower count even though it sits earlier in the chain — TODO confirm
        # when the LIBVIRT jump was added relative to the ufw rules.
        counter packets 378886 bytes 2143315517 jump LIBVIRT
        counter packets 379132 bytes 2143334159 jump ufw-before-logging-input
        counter packets 379132 bytes 2143334159 jump ufw-before-input
        # Only packets not accepted/dropped inside ufw-before-input get here; the
        # count matches the final "jump ufw-user-input" counter in that chain.
        counter packets  25852 bytes    4400083 jump ufw-after-input
        counter packets   2259 bytes     409305 jump ufw-after-logging-input
        counter packets   2259 bytes     409305 jump ufw-reject-input
        counter packets   2259 bytes     409305 jump ufw-track-input
    }

        # libvirt bridge rules. All counters are zero, so no virbr0 DNS/DHCP traffic
        # has matched; packets that match nothing here return to INPUT and continue
        # with the next rule there.
        chain LIBVIRT {
            iifname "virbr0" udp dport 53    counter packets 0 bytes 0 accept
            iifname "virbr0" tcp dport 53    counter packets 0 bytes 0 accept
            iifname "virbr0" udp dport 67    counter packets 0 bytes 0 accept
            iifname "virbr0" tcp dport 67    counter packets 0 bytes 0 accept
        }

        chain ufw-before-logging-input {
        }

        chain ufw-before-input {
            iifname "lo"                                          counter packets  81100 bytes    6874130 accept
            # The related/established accept accounts for most packets and nearly all bytes.
            ct state related,established                          counter packets 267229 bytes 2131142550 accept
            ct state invalid                                      counter packets      0 bytes          0 jump ufw-logging-deny
            ct state invalid                                      counter packets      0 bytes          0 drop
            ip protocol icmp icmp type destination-unreachable    counter packets      0 bytes          0 accept
            ip protocol icmp icmp type time-exceeded              counter packets      0 bytes          0 accept
            ip protocol icmp icmp type parameter-problem          counter packets      0 bytes          0 accept
            ip protocol icmp icmp type echo-request               counter packets      0 bytes          0 accept
            udp sport 67 udp dport 68                             counter packets      0 bytes          0 accept
                                                                  counter packets  30803 bytes    5317479 jump ufw-not-local
            ip daddr 224.0.0.251     udp dport 5353               counter packets   4951 bytes     917396 accept
            ip daddr 239.255.255.250 udp dport 1900               counter packets      0 bytes          0 accept
                                                                  counter packets  25852 bytes    4400083 jump ufw-user-input
        }

            chain ufw-logging-deny {
                ct state invalid limit rate 3/minute burst 10 packets    counter packets 0 bytes 0 return
                limit rate 3/minute burst 10 packets                     counter packets 0 bytes 0 log prefix "[UFW BLOCK] "
            }

            # Packets for local, multicast or broadcast destinations return to the
            # caller; anything else is logged (rate limited) and dropped.
            chain ufw-not-local {
                fib daddr type local                              counter packets  1735 bytes  407616 return
                fib daddr type multicast                          counter packets  5947 bytes  955901 return
                fib daddr type broadcast                          counter packets 23121 bytes 3953962 return
                limit rate 3/minute burst 10 packets              counter packets     0 bytes       0 jump ufw-logging-deny
                                                                  counter packets     0 bytes       0 drop
            }

            chain ufw-user-input {
            }

        chain ufw-after-input {
            udp dport 137               counter packets   496 bytes   39120 jump ufw-skip-to-policy-input
            udp dport 138               counter packets   194 bytes   46241 jump ufw-skip-to-policy-input
            tcp dport 139               counter packets     0 bytes       0 jump ufw-skip-to-policy-input
            tcp dport 445               counter packets     0 bytes       0 jump ufw-skip-to-policy-input
            udp dport 67                counter packets    15 bytes    6590 jump ufw-skip-to-policy-input
            udp dport 68                counter packets     0 bytes       0 jump ufw-skip-to-policy-input
            fib daddr type broadcast    counter packets 22888 bytes 3898827 jump ufw-skip-to-policy-input
        }

            # Every jump in ufw-after-input lands here and is dropped without logging.
            chain ufw-skip-to-policy-input {
                counter packets 23593 bytes 3990778 drop
            }

        chain ufw-after-logging-input {
            limit rate 3/minute burst 10 packets counter packets 1808 bytes 266671 log prefix "[UFW BLOCK] "
        }

        chain ufw-reject-input {
        }

        chain ufw-track-input {
        }
}
Asked by jsotola (540 rep)
Jul 25, 2025, 08:28 PM
Last activity: Jul 25, 2025, 11:31 PM