Package: miniupnpd-nftables
Version: 2.3.7-1
Followup-For: Bug #1066874

Of course I realise seconds later the actual reason why miniupnpd rules need living in the same hook as the main firewall (namely, traffic accepted in a miniupnpd table can still get dropped by the same hook in a different table that knows nothing about miniupnpd).

Back to the drawing board. Though I can't see how miniupnpd can configure itself correctly without cooperation from other nftables users.

Sigh,

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'testing'), (500, 'oldstable'), (490, 'stable-debug'), (490, 'stable'), (400, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages miniupnpd-nftables depends on:
ii  libc6       2.40-6
ii  libmnl0     1.0.5-3
ii  libnftnl11  1.2.8-1
ii  miniupnpd   2.3.7-1

miniupnpd-nftables recommends no packages.

miniupnpd-nftables suggests no packages.

-- Configuration Files:
/etc/miniupnpd/miniupnpd_functions.sh changed [not included]
/etc/miniupnpd/nft_init.sh changed [not included]
/etc/miniupnpd/nft_removeall.sh changed [not included]

-- no debconf information
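
The verdict behaviour described in the message above, as an added example that is not part of the original report and not miniupnpd or nftables code: a small Python model of how base chains on one hook are evaluated, where `accept` only ends the current base chain and `drop` is final. The table names, priorities, port number and packet are constructed for illustration.

```python
# Minimal model of nftables base-chain evaluation on a single hook.
# All table names, priorities and the port below are constructed examples.
from dataclasses import dataclass

@dataclass
class BaseChain:
    table: str
    hook: str
    priority: int
    rules: list              # list of (match_function, verdict) pairs
    policy: str = "accept"   # applied when no rule matches

    def evaluate(self, pkt):
        for match, verdict in self.rules:
            if match(pkt):
                return verdict
        return self.policy

def traverse(chains, hook, pkt):
    """Walk every base chain on `hook` in priority order.

    Returns (final_verdict, trace), trace being [(table, verdict), ...].
    """
    trace = []
    on_hook = sorted((c for c in chains if c.hook == hook),
                     key=lambda c: c.priority)
    for chain in on_hook:
        verdict = chain.evaluate(pkt)
        trace.append((chain.table, verdict))
        if verdict == "drop":
            return "drop", trace   # drop ends processing immediately
        # accept only ends this base chain; later chains still see the packet
    return "accept", trace

def is_mapped_port(pkt):
    return pkt["proto"] == "tcp" and pkt["dport"] == 6881

def is_established(pkt):
    return pkt["ct_state"] == "established"

# Case 1: the port-mapping accept rule lives in its own table and chain.
separate_tables = [
    BaseChain("miniupnpd", "forward", -10, [(is_mapped_port, "accept")]),
    BaseChain("filter", "forward", 0, [(is_established, "accept")], "drop"),
]
# Case 2: the same rule sits inside the main firewall's forward chain.
same_chain = [
    BaseChain("filter", "forward", 0,
              [(is_established, "accept"), (is_mapped_port, "accept")], "drop"),
]
PKT = {"proto": "tcp", "dport": 6881, "ct_state": "new"}  # constructed packet
```

With `PKT`, `traverse(separate_tables, "forward", PKT)` ends in `drop` because the `filter` chain never sees the mapping rule, while `traverse(same_chain, "forward", PKT)` ends in `accept`.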