I want to create a rule which accepts only those packets which have an IP length greater than 2000.

So I have my table (my_table) and chain (my_chain), and I am trying something like this:

sudo nft add rule inet my_table my_chain ip length > 2000 counter accept

but I've got the error:

`-bash: 2000: No such file or directory`

I believe that there is a problem with '<'. How can I rewrite this rule without using comparison operators? Because this is working:

sudo nft add rule inet my_table my_chain ip length != 2000 counter accept

but it has a different meaning.

2 Answers

The shell interprets > as redirection, so you need to escape it with a backslash.

sudo nft add rule inet my_table my_chain ip length \> 2000 counter accept
Answered 2021-11-06T09:14:50.810
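
What the shell actually hands to the command for each spelling of the rule, as an added example that is not part of the original answers. `show_args` and `probe` are hypothetical stand-ins so it runs without nft or root; the last line uses `gt`, nft's keyword spelling of `>`, which needs no escaping.

```shell
#!/bin/sh
# Stand-in for nft (hypothetical helper, not a real tool): it only records the
# arguments the shell hands over, so no ruleset is touched and no root is needed.
show_args() { printf '%s ' "$@" > "$ARGV_LOG"; }

# probe CMDLINE: evaluate CMDLINE in an empty scratch directory, then print
#   argv=[arguments the command received] files=[files the shell created]
probe() {
    dir=$(mktemp -d) && ARGV_LOG=$(mktemp) || return 1
    # A failed redirection means the command never runs at all.
    if ! (cd "$dir" && eval "$1") 2>/dev/null; then
        printf 'not-run ' > "$ARGV_LOG"
    fi
    argv=$(cat "$ARGV_LOG")
    files=$(ls -A "$dir" | tr '\n' ' ')
    rm -rf "$dir" "$ARGV_LOG"
    printf 'argv=[%s] files=[%s]\n' "${argv% }" "${files% }"
}

# Constructed sample command line, modelled on the rule in the question.
P='show_args add rule inet my_table my_chain'

probe "$P ip length > 2000 counter accept"    # "> 2000" consumed, file 2000 created
probe "$P ip length < 2000 counter accept"    # no file named 2000: command not run
probe "$P ip length \> 2000 counter accept"   # backslash keeps ">" as an argument
probe "$P 'ip length > 2000 counter accept'"  # single quotes protect the whole rule
probe "$P ip length gt 2000 counter accept"   # keyword operator, nothing to escape
```

Checking the working directory for a stray file named `2000` after the unescaped `>` form confirms the redirection happened.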

OK, so ip length != 1-2000 is working

Answered 2021-10-26T18:25:15.940