On Sat 9 Jul 2022, at 07:17, Gareth Evans <donots...@fastmail.fm> wrote:
[...]
> If there is no drop by default, why add "policy accept" for
> related/established as it does? Doesn't this happen anyway?

I suppose this probably modifies behaviour for otherwise closed ports (which would make sense for a firewall!) but I can't find much of a high-level overview in documentation - man nft, wiki.

I would still be grateful for thoughts from experienced nft users if any issues seem to arise from the lack of qualified "policy drop" in input.

Also for any good nft/netfilter overview articles etc.

Thanks,
Gareth