LinuxQuestions.org
Old 04-18-2023, 03:15 PM   #1
Asanto
LQ Newbie
 
Registered: Apr 2023
Posts: 1

Rep: Reputation: 0
How to use connection tracking with Forward?


Hi everyone. I am setting up my firewall and want to close services, which are open in Docker too, in one place.

So, my rules look like this:
Code:
nft add table inet PREROUTING
nft 'add chain inet PREROUTING lower_filter { type filter hook prerouting priority -130; policy drop; }'
nft add rule inet PREROUTING lower_filter ct state established,related counter accept
nft add rule inet PREROUTING lower_filter ct state invalid counter drop
nft add rule inet PREROUTING lower_filter counter
It works fine for the local machine. But, when I go to the container:
Code:
docker run -it debian:stable /bin/bash
The Internet does not work:
Code:
root@7c791721f0c5:/# apt update
0% [Connecting to deb.debian.org]
It seems this rule doesn't work:
Code:
nft add rule inet PREROUTING lower_filter ct state established,related counter accept
How could I fix this?
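
Added example, not part of the original post: a container's packets enter the host through the Docker bridge, so the first packet of each connection reaches this prerouting chain with ct state new and falls through to policy drop, and no reply ever exists for established,related to match. The sketch keeps the poster's table, chain and priority and adds one rule for new connections arriving from the bridge; the interface name docker0 (Docker's default bridge) and the BRIDGE_IF variable are assumptions.

```shell
#!/bin/sh
# Added example. BRIDGE_IF is an assumption: docker0 is Docker's default
# bridge; user-defined networks get their own br-<id> interface instead.
BRIDGE_IF="${BRIDGE_IF:-docker0}"

# Print a ruleset for `nft -f`. Table, chain, hook and priority are the
# ones from the post; the iifname rule is the only addition.
build_ruleset() {
    cat <<EOF
# Create-then-delete so a reload replaces the table instead of appending.
add table inet PREROUTING
delete table inet PREROUTING

table inet PREROUTING {
    chain lower_filter {
        type filter hook prerouting priority -130; policy drop;

        # Replies to connections that are already tracked.
        ct state established,related counter accept
        ct state invalid counter drop

        # Added: first packet of a connection opened by a container.
        # It arrives on the bridge, not via the host's output path.
        iifname "$BRIDGE_IF" ct state new counter accept

        # Everything else is counted, then dropped by the chain policy.
        counter
    }
}
EOF
}

# No argument: print only. "check" parses without loading (nft -c).
# "apply" loads the ruleset and needs root.
case "${1:-print}" in
    check) build_ruleset | nft -c -f - ;;
    apply) build_ruleset | nft -f - ;;
    *)     build_ruleset ;;
esac
```

New connections from outside still arrive on the external interface, so they stay dropped here, before Docker's port-publishing NAT is applied.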
 
Old 05-03-2023, 06:12 PM   #2
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,660
Blog Entries: 33

Rep: Reputation: 283
Hi, check your /etc/sysctl.conf file, you may see forwarding there... for ipv4 & 6.

When it comes to blocking ports on this box,

I check the services set to run at start-up, I also uninstall any progs not used by me... including games and relay-chat,

and stop or cancel those apps from starting.

The keywords to search for are: services, chkconfig, rc-update
 
Old 05-17-2023, 01:38 AM   #3
DeloisValdez
LQ Newbie
 
Registered: May 2023
Posts: 2

Rep: Reputation: 0
Thank you.
 
Old 05-17-2023, 07:58 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,812

Rep: Reputation: 8003
Quote:
Originally Posted by DeloisValdez View Post
Thank you.
For what? Which part helped you, and what applies to your situation???
 
  

