December 28, 2022, 3:10am
As outlined here:
I cannot create any rule using "ct count".
Executing this on cli:
nft add rule inet fw4 forward tcp dport 22 ct count 10 accept
Results in this:
Error: Could not process rule: No such file or directory
add rule inet fw4 forward tcp dport 22 ct count 10 accept
Can anyone else confirm that this works? The nftables wiki article also reads:
Note: connlimits require at least nftables 0.9.0 and Linux kernel 4.19.10
But 22.03.2 is running nftables 1.0.2 and Linux kernel 5.10.146. Exactly which file and/or directory does it need? Is there something missing in the 22.03.2 OpenWrt kernel that it needs?
Thanks in advance for any/all help.
The module CONFIG_NFT_CONNLIMIT is not built in OpenWrt.
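The "No such file or directory" (ENOENT) error above is what nft reports when the kernel lacks the expression a rule needs. The script below is an added example, not code from this thread or from OpenWrt: it checks the running kernel's config (/proc/config.gz, which OpenWrt exposes) or the nft_connlimit module for CONFIG_NFT_CONNLIMIT before attempting a `ct count` rule, so the failure is explained up front instead of surfacing as a cryptic ENOENT. The two sample config fragments are constructed for the test; the rule it builds uses the standard nftables `ct count over N` form to cap concurrent connections per port.

```shell
#!/bin/sh
# Added example (not from the thread): probe for CONFIG_NFT_CONNLIMIT before
# loading a "ct count" connection-limit rule into the fw4 table.

# Constructed sample kernel config fragments used for offline testing.
SAMPLE_CONFIG_WITHOUT='CONFIG_NF_CONNTRACK=y
CONFIG_NFT_CT=m
# CONFIG_NFT_CONNLIMIT is not set'
SAMPLE_CONFIG_WITH='CONFIG_NF_CONNTRACK=y
CONFIG_NFT_CT=m
CONFIG_NFT_CONNLIMIT=m'

# connlimit_supported_in_config CONFIG_TEXT
# Returns 0 if the given kernel config text has CONFIG_NFT_CONNLIMIT
# built in (=y) or as a module (=m); a "# ... is not set" line does not match.
connlimit_supported_in_config() {
    printf '%s\n' "$1" | grep -Eq '^CONFIG_NFT_CONNLIMIT=(y|m)$'
}

# kernel_connlimit_supported
# Reads the live kernel config when available, then falls back to checking
# for a loaded nft_connlimit module or a dry-run modprobe of it.
kernel_connlimit_supported() {
    if [ -r /proc/config.gz ]; then
        connlimit_supported_in_config "$(zcat /proc/config.gz)" && return 0
    fi
    [ -d /sys/module/nft_connlimit ] && return 0
    modprobe -n nft_connlimit 2>/dev/null
}

# build_connlimit_rule PORT LIMIT
# Prints an nft command that drops new connections to PORT once more than
# LIMIT concurrent connections from the same source are tracked.
build_connlimit_rule() {
    printf 'add rule inet fw4 forward tcp dport %s ct count over %s drop\n' "$1" "$2"
}

# main: explain the outcome instead of letting nft fail with ENOENT.
main() {
    if kernel_connlimit_supported; then
        echo "CONFIG_NFT_CONNLIMIT is available; rule to apply with nft:"
        build_connlimit_rule 22 10
    else
        echo "CONFIG_NFT_CONNLIMIT is not built into this kernel;" \
             "'ct count' rules will fail with 'No such file or directory'" >&2
        return 1
    fi
}

# Run the live check only when invoked as: sh connlimit-check.sh --check
if [ "${1:-}" = "--check" ]; then
    main
fi
```

On a stock OpenWrt 22.03 build the live check reports the missing option, which matches the answer above; on a kernel with the option enabled it prints the rule ready to be passed to `nft`.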
December 28, 2022, 4:39am
Thanks for the timely feedback, I'll stop trying to make it work now. Not sure if I feel like building a custom kernel to get this functionality...
I now see that there is an .ipk package for iptables - "iptables-mod-conntrack-extra" which includes connection limiting and other similar functionality. Hopefully a similar package can be created for fw4/nftables.
December 28, 2022, 7:22pm
A similar issue related to NFT_DUP was recently posted. You might chime in there for the CONNLIMIT functionality.
December 28, 2022, 7:39pm
Thanks for the suggestion, that makes sense to me and I will post in that thread as well.
January 7, 2023, 7:40pm
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.