I've got a VM at a hosting service and installed a basic firewall with nftables.
However, when it is active, all outbound traffic seems to get blocked. For example, when trying to ping google.com, I get a No route to host error. This occurs for any host I try to ping.
Here's my (really basic) config:
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        # allow connection from loopback
        iifname lo accept;
        # established/related connections
        ct state {established, related} accept;
        # drop invalid connections
        ct state invalid drop;
        # allow ping
        ip protocol icmp icmp type echo-request accept;
        icmpv6 type echo-request accept;
        # allow ssh connection on port 22
        tcp dport 22 accept;
        log flags all;
    }
    chain forward {
        type filter hook forward priority 0;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
I just cannot figure out where my problem lies.
EDIT: After trying a few more things, I set up a second VM at a different provider, and it has the same problem.
Furthermore, right after I enable the firewall, there is a brief period during which commands like mtr and ping take longer to execute.
In the case of mtr, I am first able to get through to my target for about 10 seconds. Then I start experiencing losses on the trace, before getting the No route error after a little more time.
Sometimes I also get a Temporary failure in name resolution error instead when trying to execute the command. I'm not sure what exactly is causing this.
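As an added diagnostic (editor's example, not the original poster's code or an answer to the question): the input chain above ends with a log rule, so every packet that falls through to the drop policy is written to the kernel log (journalctl -k or dmesg) in the same key=value layout the iptables LOG target uses. The script below parses those lines, counts what is dropped per inbound interface and protocol, and flags two kinds of traffic that the rule ct state {established, related} accept can never match and that the chain above does not otherwise allow: ICMPv6 neighbor discovery and router advertisements (conntrack leaves them untracked, and only ICMPv6 echo-request is accepted), and DHCP replies to UDP port 68/546 (a broadcast offer does not match the reply tuple of the client's discover; note that dhclient-style clients read these through a packet socket that is not subject to the input hook, so a dropped DHCP line is worth a look rather than a certain fault). The log lines embedded in the script are constructed samples with made-up addresses and MACs; nothing here claims which of these, if any, explains the symptoms in the post.

```python
"""Summarize what a policy-drop nftables input chain is dropping.

Added example for this page (not the original poster's code). It reads kernel
log lines produced by an nftables `log` rule (same key=value layout as the
iptables LOG target), counts them per interface and protocol, and flags traffic
that `ct state {established, related} accept` can never match, so a chain with
a drop policy has to allow it explicitly.
"""
import re
import sys
from collections import Counter

KV_RE = re.compile(r"(\w+)=(\S*)")

# ICMPv6 types an IPv6 host needs for address resolution and routing; the
# input chain on this page accepts only echo-request (type 128).
ND_TYPES = {
    133: "router-solicit",
    134: "router-advert",
    135: "neighbor-solicit",
    136: "neighbor-advert",
    137: "redirect",
}
ICMPV6_NAMES = {128: "echo-request", 129: "echo-reply", **ND_TYPES}
ICMPV4_NAMES = {0: "echo-reply", 3: "dest-unreach", 8: "echo-request", 11: "time-exceeded"}

# Constructed sample lines in the kernel's packet-log format (dmesg and
# journalctl -k prefixes both shown). Addresses and MACs are made up.
SAMPLE_LOG = """\
[  812.410173] IN=eth0 OUT= MAC=33:33:00:00:00:01:52:54:00:ab:cd:ef:86:dd SRC=fe80:0000:0000:0000:5054:00ff:feab:cdef DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=134 CODE=0
[  813.002311] IN=eth0 OUT= MAC=33:33:ff:12:34:56:52:54:00:ab:cd:ef:86:dd SRC=fe80:0000:0000:0000:5054:00ff:feab:cdef DST=ff02:0000:0000:0000:0000:0001:ff12:3456 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
[  814.003870] IN=eth0 OUT= MAC=33:33:ff:12:34:56:52:54:00:ab:cd:ef:86:dd SRC=fe80:0000:0000:0000:5054:00ff:feab:cdef DST=ff02:0000:0000:0000:0000:0001:ff12:3456 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
[  815.120040] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:ab:cd:ef:08:00 SRC=192.0.2.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Mar 10 09:15:02 vm kernel: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=41233 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 10 09:15:03 vm kernel: audit: type=1130 audit(1710062103.117:42): pid=1 uid=0 msg='unit=nftables'
"""


def parse_log_line(line):
    """Parse one packet-log line into a dict of its key=value fields.

    Returns None for lines that are not packet logs (no IN=/OUT= fields).
    Bare upper-case tokens such as DF or SYN are collected under "FLAGS".
    """
    if "IN=" not in line or "OUT=" not in line:
        return None
    fields = {}
    for key, value in KV_RE.findall(line):
        # Keep the first LEN (IP total length); UDP/TCP repeat the key later.
        fields.setdefault(key, value)
    fields["FLAGS"] = {
        tok for tok in line.split() if "=" not in tok and tok.isalpha() and tok.isupper()
    }
    return fields


def describe(fields):
    """Return a short label such as 'ICMPv6 neighbor-solicit' or 'TCP dport 80'."""
    proto = fields.get("PROTO", "?")
    if proto == "ICMPv6":
        t = int(fields.get("TYPE", -1))
        return f"ICMPv6 {ICMPV6_NAMES.get(t, f'type-{t}')}"
    if proto == "ICMP":
        t = int(fields.get("TYPE", -1))
        return f"ICMP {ICMPV4_NAMES.get(t, f'type-{t}')}"
    if proto in ("UDP", "TCP"):
        return f"{proto} dport {fields.get('DPT', '?')}"
    return proto


def summarize(log_text):
    """Count dropped packets per (interface, label) and collect things to check.

    Returns (Counter, sorted list of unique warning strings).
    """
    counts = Counter()
    warnings = set()
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f is None:
            continue
        label = describe(f)
        counts[(f.get("IN") or "-", label)] += 1
        if f.get("PROTO") == "ICMPv6" and int(f.get("TYPE", -1)) in ND_TYPES:
            warnings.add(f"IPv6 neighbor discovery ({label}) from {f['SRC']} is being dropped")
        elif f.get("PROTO") == "UDP" and f.get("DPT") in ("68", "546"):
            warnings.add(f"DHCP reply ({label}) from {f['SRC']} is being dropped")
    return counts, sorted(warnings)


def main(argv):
    # With a file argument, read a saved kernel log; otherwise use the sample.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_LOG
    counts, warnings = summarize(text)
    for (iface, label), n in counts.most_common():
        print(f"{n:5d}  in={iface:<6s} {label}")
    for w in warnings:
        print("CHECK:", w)


if __name__ == "__main__":
    main(sys.argv)
```

Run it without arguments to see the constructed sample; on the VM, save the real log with journalctl -k --no-pager > drops.log (or dmesg > drops.log) after reproducing the failure and pass that file as the argument. Anything listed as CHECK is traffic the posted chain drops by design, whether or not it turns out to be the cause.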