migrating to nftables and changing TTL of packets

Kernels & Hardware, configuring network, installing services

migrating to nftables and changing TTL of packets

Postby quack75 » 2019-07-14 16:52

Hi,

I'm planning a migration to nftables.

in my current iptables rules, I have the following rule:
Code: Select all
iptables -t mangle -A PREROUTING -i eth0 -d 239.255.255.250 -j TTL --ttl-inc 1


This rule is useful to route multicast UPnP traffic. Basically it is just here to prevent the TTL to be decremented for these packets.
I spent many hours to try to build an equivalent rule with nftables, but so far I haven't found any solution.

I may have found how to SET the ttl value using a rule like this:
Code: Select all
nft add rule inet filter input ip ttl set 123


but:
1- I'm not sure it will work
2- it doesn't do exactly what I need to do, which is INCREMENT the TTL by 1

Can someone help me ?
quack75
 
Posts: 4
Joined: 2019-07-14 16:44

Re: migrating to nftables and changing TTL of packets

Postby Head_on_a_Stick » 2019-07-14 17:57

If you're using Debian buster then you can carry on using your iptables rules, they will be translated for the nftables backend: https://www.debian.org/releases/stable/ ... l#nftables
User avatar
Head_on_a_Stick
 
Posts: 10377
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: migrating to nftables and changing TTL of packets

Postby quack75 » 2019-07-14 18:23

yes I know that but I would like to move forward and use nftables
quack75
 
Posts: 4
Joined: 2019-07-14 16:44

Re: migrating to nftables and changing TTL of packets

Postby quack75 » 2019-07-16 14:07

anyone ?
I can't imagine such a simple action is not supported by nftables yet ?
quack75
 
Posts: 4
Joined: 2019-07-14 16:44

Re: migrating to nftables and changing TTL of packets

Postby quack75 » 2019-08-22 19:43

it really seems that this is not supported by nftables (yet ?)

Really disappointing !
quack75
 
Posts: 4
Joined: 2019-07-14 16:44

Re: migrating to nftables and changing TTL of packets

Postby CwF » 2019-09-03 00:22

hmmm, removing iptables also currently breaks libvirt...
CwF
 
Posts: 442
Joined: 2018-06-20 15:16


Return to System configuration

Who is online

Users browsing this forum: No registered users and 15 guests

fashionable