https://rachelbythebay.com/w/2024/07/17/bpf/
systemd injects bpf program(s) when you filter traffic by IP address in a .service file. It rejects traffic by dropping it🚮past the ip[6]tables match, and well before it would generate a SYN/ACK.
No counters, no logs. 🫥
Packets disappear. 🫧
https://rachelbythebay.com/w/2024/07/17/bpf/ systemd injects bpf program(s) when you filter traffic by IP address in a .service file. It rejects traffic by dropping it🚮past the ip[6]tables match, and well before it would generate a SYN/ACK. No counters, no logs. 🫥 Packets disappear. 🫧