nftables queue with script

linux queue nftables

I am learning nftables and the goal is to filter packets based on ip and port destination. They have to be enqueued to userspace where my script will change the payload field and send out the packet to destination.

The following rule enqueue packet:

% nft add filter input counter queue

I tried to add ip and port but command returns syntax error (unexpected daddr):

% nft add filter input udp daddr 192.168.1.111 dport 10100 counter queue

Next step is to connect a script to the queue to process packets. I installed libnetfilter-queue-dev but not clear how to use it.


Your arguments are in wrong order. Try the following:

nft add filter input ip daddr 192.168.1.111 udp dport 10100 counter queue

daddr belongs to IP packet matchers, while dport belongs to UDP packet matchers. Therefore the matchers need to be next to the associated protocol.

Related

Ubuntu 20.04 new fresh LVM on 5TiB shows just 4.1 TiB space
Mod-rewrite Port in Apache2
Unable to play FIFA 2022 online matches on Nintendo Switch
Is there a way to change the Automap size option in Diablo 2 via command line or key binding?
Bad Company 2 - Any way to remove/disable C4?
How should I feed a cat?
Custom Hotkeys for Starcraft 2
Strategy to defeat final boss in Advance Wars 1
Transferring points acquired by unlocking achievements to Bioware Points?
Is it worth it to shoot at the rocks in Beat Hazard?
How do I beat the false god in Ginormo Sword?
How can I butcher non-tame animals that I've captured?