How to fix `nftables` not recognizing IPv6 addresses on Ubuntu 22.04
I've searched everywhere and can't find a clear answer... I'm having trouble getting `nftables` to properly recognize and manage IPv6 addresses on my Ubuntu 22.04 server. I've set up a simple rule to block an IPv6 address, but it seems like the rule is being ignored.

Here's what I tried: I created a basic `nftables` configuration file with the following content:

```bash
#!/usr/sbin/nft -f
table inet filter {
    chain input {
        type filter hook input priority 0; policy accept;
        ip6 saddr 2001:db8::1 drop;
    }
}
```

After saving this as `/etc/nftables.conf`, I ran `sudo nft -f /etc/nftables.conf` to load the rules. However, when I check the rules with `nft list ruleset`, I can see the entry but it doesn't seem to block any traffic from the specified IPv6 address.

To troubleshoot, I verified that the `nftables` service is running with `systemctl status nftables`, and it shows that the service is active. I also made sure to restart the service after applying the rules. When doing a test with `ping6 2001:db8::1`, I still receive replies, which indicates that the filtering is not working as intended.

I've double-checked the `sysctl` settings for IPv6, particularly `net.ipv6.conf.all.disable_ipv6`, which is set to `0` (meaning IPv6 is enabled). I even tried explicit logging in the chain by adding `log prefix "Nftables: "` before the drop rule, but I don't see any logs showing that packets are being dropped.

Are there any specific configurations or additional steps I might be missing to ensure `nftables` properly recognizes and filters IPv6 traffic? I'd appreciate any insights or suggestions on how to resolve this scenario. Am I missing something obvious?
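Added example, not part of the original post: one way to tell whether the drop rule is evaluated at all is to add a `counter` statement to it and read the packet count from `nft -j list ruleset`. The code below parses that JSON and reports the hook, verdict and counter of every `ip6 saddr` rule covering a given address; the embedded ruleset is constructed, and the `counter` statement and the function names are assumptions.

```python
import ipaddress
import json

# Constructed sample shaped like `nft -j list ruleset` output for the table in
# the post, with a `counter` statement added to the drop rule (assumption).
SAMPLE = json.dumps({"nftables": [
    {"table": {"family": "inet", "name": "filter", "handle": 1}},
    {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 1,
               "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}},
    {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 2,
              "expr": [{"match": {"op": "==", "right": "2001:db8::1",
                                  "left": {"payload": {"protocol": "ip6",
                                                       "field": "saddr"}}}},
                       {"counter": {"packets": 0, "bytes": 0}},
                       {"drop": None}]}},
]})


def _network(right):
    """Address or prefix -> ip_network; sets and ranges are out of scope (None)."""
    if isinstance(right, dict) and "prefix" in right:
        right = "{addr}/{len}".format(**right["prefix"])
    return ipaddress.ip_network(right, strict=False) if isinstance(right, str) else None


def find_ip6_saddr_rules(ruleset_json, address):
    """List rules whose `ip6 saddr` match covers `address`, with hook and counter."""
    items = json.loads(ruleset_json)["nftables"]
    hooks = {(c["family"], c["table"], c["name"]): c.get("hook")
             for c in (i["chain"] for i in items if "chain" in i)}
    addr, hits = ipaddress.ip_address(address), []
    for rule in (i["rule"] for i in items if "rule" in i):
        exprs = rule.get("expr", [])
        for match in (e["match"] for e in exprs if "match" in e):
            left = match["left"] if isinstance(match["left"], dict) else {}
            payload = left.get("payload", {})
            if (payload.get("protocol"), payload.get("field")) != ("ip6", "saddr"):
                continue
            net = _network(match["right"])
            if match.get("op") not in ("==", "in") or net is None or addr not in net:
                continue
            counter = next((e["counter"] for e in exprs if "counter" in e), None)
            hits.append({
                "chain": rule["chain"],
                "hook": hooks.get((rule["family"], rule["table"], rule["chain"])),
                "verdict": next((v for v in ("drop", "accept", "reject")
                                 if any(v in e for e in exprs)), None),
                "packets": counter["packets"] if isinstance(counter, dict) else None,
            })
    return hits
```

On a live host, pass it the output of `sudo nft -j list ruleset`; a packet count that stays at 0 while traffic from the address is arriving means those packets never reach the rule.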