多个相同 hook ,一个 accept ,后面的还执行吗?
chatgpt 和 grok 说 accept 就终结了,gemini 说还能继续执行
规则 1 ,不同优先级
table inet A {
chain input {
type filter hook input priority 0;
tcp dport 22 accept
}
}
table inet B {
chain input {
type filter hook input priority 10;
tcp dport 22 drop
}
}
规则 2 ,相同优先级
table inet A {
chain input {
type filter hook input priority 0;
tcp dport 22 accept
}
}
table inet B {
chain input {
type filter hook input priority 0;
tcp dport 22 drop
}
}
 |
1
slowman 12 小时 1 分钟前
nftables 文档怎么说
|
 |
2
KagurazakaNyaa 12 小时 1 分钟前
https://wiki.nftables.org/wiki-nftables/index.php/Accepting_and_dropping_packets
按照 wiki 的说法,accept 不会终止处理 |
 |
3
EchoWhale 11 小时 54 分钟前 via iPhone
不再执行当前 chain 的其他规则,但会执行其他 chain 的规则。
NOTE: If a packet is accepted and there is another chain, bearing the same hook type and with a later priority, then the packet will subsequently traverse this other chain. Hence, an accept verdict - be it by way of a rule or the default chain policy - isn't necessarily final. However, the same is not true of packets that are subjected to a drop verdict. Instead, drops take immediate effect, with no further rules or chains being evaluated. https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains |
 |
4
june4 11 小时 53 分钟前
以前学 nft 对这个语法是真恶心,一串中间没有任何符合分隔,鬼才的发明
|
 |
5
cxxnullptr OP |
|
6
cxxnullptr OP @june4 确实,docker 还给生成的一大坨,看得发懵
|
Select Language