0

To debug nftables to identify if a rule is matched you can use counter. If I set counter and assign the ruleset, then the prompt for counter list is empty. How to list counter?

$ sudo nano /etc/nftables.conf
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state { established, related } accept
        iifname "lo" accept
        tcp dport 22 counter packets 6872 bytes 105448565 accept
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
    }
}

$ sudo nft -f /etc/nftables.conf
$ sudo nft list counters
Improve this question
1
  • What about nft list ruleset | grep counter? nft list counters doesn't work on my end.
    – Artem S. Tashkinov
    Commented Jun 23 at 9:17

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .