Is there a way to reset the Packets and Bytes counters for the firewall? I can see the counters by running the command show firewall
but can’t seem to figure out how to reset them. Also, since I believe they are anonymous nftables counters, the command sudo nft reset counters
doesn’t reset them either.
So far there are no commands for this.
Anonymous counters are used in firewall rules, and so far nftables doesn’t support resetting them with a single command: Counters - nftables wiki
Possible solution: changing, adding, or deleting a single rule will reload the complete ruleset, and all counters will be reset.
Perhaps you can try this manually first and, if it succeeds, make a script out of it?
Protip: don't do this while connected using SSH.
If you place it in /config it will follow you during upgrades.
sudo nft -s list ruleset > /config/ruleset.txt
sudo nft flush ruleset
sudo nft -o -f /config/ruleset.txt
From the wiki that @n.fort pasted, it appears the current recommended method is:
% (echo "flush ruleset"; nft --stateless list ruleset) | nft -f -
With the caveat:
Obviously, this drops all state so might have undesired side-effects, like, e.g. resetting quotas.
Sounds a little scary since I don’t know enough about nftables and how VyOS uses them.
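The reload approach discussed in this thread, as an added example that is not part of any post or of VyOS itself: it builds the "flush ruleset" plus stateless dump as one file, refuses to continue if the dump failed (otherwise only the flush would be applied, leaving an empty ruleset), validates the file with nft --check, then loads it in a single transaction. The NFT variable and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: reset anonymous nftables counters with one atomic reload.
# NFT lets a different binary (or a test stub) be substituted; assumption of this sketch.
NFT="${NFT:-nft}"

# Write "flush ruleset" followed by the stateless ruleset dump to file $1.
# --stateless omits counter values (and other state such as quota usage),
# so reloading the dump starts every counter from zero.
build_reload() {
    out="$1"
    # The group's exit status is that of the list command: stop if the dump failed.
    { echo "flush ruleset"; $NFT --stateless list ruleset; } > "$out" || return 1
    # A file holding only the flush line would wipe the firewall when loaded.
    [ "$(wc -l < "$out")" -gt 1 ] || { echo "empty ruleset dump, aborting" >&2; return 1; }
}

reset_counters() {
    tmp="$(mktemp)" || return 1
    build_reload "$tmp" || { rm -f "$tmp"; return 1; }
    # Dry run: parse and validate the file without changing the kernel ruleset.
    $NFT --check -f "$tmp" || { rm -f "$tmp"; return 1; }
    # Flush and reload happen in one transaction, so there is no window
    # in which the system runs without rules.
    rc=0
    $NFT -f "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Run as root: sh reset-counters.sh --apply
if [ "${1:-}" = "--apply" ]; then
    reset_counters
fi
```

The caveat quoted above still applies: everything that --stateless leaves out of the dump is lost on reload, not only the packet and byte counters.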