* nftables: Request for comments - packet flow diagram
@ 2017-05-09 19:38 Maxime de Roucy
From: Maxime de Roucy @ 2017-05-09 19:38 UTC (permalink / raw)
  To: netfilter


Hello,

I recently switched from iptables to nftables (I have a very
simple/personal firewall).

When I built my iptables firewall I referred to the packet flow diagram
(by Jan Engelhardt) on the iptables Wikipedia web page:
https://en.wikipedia.org/wiki/Iptables#/media/File:Netfilter-packet-flow.svg

Using this diagram for an nftables firewall is hard as some concepts
changed.

I did some tests and drew my own diagram (using the yed editor) covering
all netdev, ip, ip6, inet, bridge and arp tables:

https://pelican.craoc.fr/#packet-flow

Direct URLs and yed sources:
 * https://pelican.craoc.fr/images/packet_flow.svg
 * https://pelican.craoc.fr/images/packet_flow.graphml

Can you please verify it? Feedback would be much appreciated :)
I am not a network expert but the subject interests me and I would like
to know if I misunderstood something.

I put this diagram under the CC-BY-SA license, so feel free to use/modify it if
you like.

Note: I drew an arp-forward-filter chain in the diagram because I can
create one, but I can't actually see any packet going through it.
I think it's a bug, so I drew it anyway. More information:

 * https://pelican.craoc.fr/#arp-vm1-vm2
 * http://marc.info/?l=netfilter&m=149410713429067
-- 
Regards
Maxime de Roucy
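Added here as an example, not part of Maxime's message or of the diagram: an nft ruleset that places a bare counter rule at each hook of the netdev, arp and inet families, so the traversal order the diagram shows can be checked on a live host. The interface name eth0 is an assumption; change it to match the machine.

```nft
# Added example (not from the original message): one counter per hook so
# the order of traversal in the diagram can be checked on a live host.
# Assumption: the ingress interface is named eth0; adjust to your setup.
flush ruleset

table netdev flow {
    # ingress is the earliest hook; it is per-device and needs a device name
    chain ingress {
        type filter hook ingress device eth0 priority 0; policy accept;
        counter
    }
}

table arp flow {
    # the two arp hooks the message reports as actually seeing packets
    chain input {
        type filter hook input priority 0; policy accept;
        counter
    }
    chain output {
        type filter hook output priority 0; policy accept;
        counter
    }
}

table inet flow {
    # inet covers both IPv4 and IPv6 in one table
    chain prerouting {
        # priority -300 runs before conntrack (-200), like iptables "raw"
        type filter hook prerouting priority -300; policy accept;
        counter
    }
    chain input {
        type filter hook input priority 0; policy accept;
        counter
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        counter
    }
    chain output {
        type filter hook output priority 0; policy accept;
        counter
    }
    chain postrouting {
        type filter hook postrouting priority 0; policy accept;
        counter
    }
}
```

Load it with `nft -f` and compare the counters shown by `nft list ruleset` after sending traffic that is delivered locally versus traffic that is forwarded.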

