Packet duplication (mirror) #35
Replies: 2 comments
-
This can't be implemented to Foomuuri because nftables only supports "dup to" in ip/ip6 table, not in inet table. Foomuuri generates inet table. There is still a solution. With nftables you can use multible tables in parallel. Run following shell script to create another table to duplicate packets:
Foomuuri doesn't know anything about this table and doesn't touch it. You could even use Foomuuri's post_start hook to run it:
|
Beta Was this translation helpful? Give feedback.
-
Thank you for reply, I was going same route, only my thought was to add duplicator table with NF_IP_PRI_RAW (-300) to RAW chain.
|
Beta Was this translation helpful? Give feedback.
-
Hello Everyone,
I am trying to mirror inbound traffic on same machine just different interface.
I can't find good way to achieve with foomuuri.
NFtable rule
Beta Was this translation helpful? Give feedback.
All reactions