Commit
a7e50adeecbdae87f34fccce6883f53bb02e6f11
by Vadim Yanitskiynft_kpi: add udp/2152 filtering rules separately
Mixing declarative and imperative syntax is supported by recent
nftables versions, but is known to be broken in older releases.
This affects the nftables version currently provided by Osmocom
for Debian 12 (bookworm): 1.0.6.3~osmocom.429.7d98.
As a result, the generated ruleset ends up accepting all packets rather
than only udp/2152 as intended. Consequently, the nftables counters do
not reflect GTP-U traffic alone, but also include signalling traffic.
Let's work this around by adding the udp/2152 filtering rules separately
using the imperative syntax. Split the logic for adding a chain into
a separate function to avoid code duplication.
Change-Id: I36eb3b18751fc029297fb91545af2d28e61067fd
Related: SYS#7808
![[Jenkins]](/jenkins/static/57a8988d/images/svgs/logo.svg){kind=logo}
