default input policy is not realized

[toralf]

I do have

  iptables -P INPUT  ${DEFAULT_POLICY_INPUT:-DROP}

here https://github.com/toralf/torutils/blob/main/ipv4-rules.sh#L6

and verified it

Chain INPUT (policy DROP 110 packets, 6110 bytes)
 pkts bytes target     prot opt in     out     source               destination

but I do get from the exporter:

 # curl -s localhost:9455/metrics  | grep -i policy | grep INPUT
ip6tables_chain_bytes_total{chain="INPUT",policy="ACCEPT",table="filter"} 0
ip6tables_chain_packets_total{chain="INPUT",policy="ACCEPT",table="filter"} 0
iptables_chain_bytes_total{chain="INPUT",policy="ACCEPT",table="filter"} 5294
iptables_chain_packets_total{chain="INPUT",policy="ACCEPT",table="filter"} 90

I had similar issue with the rule values too.

[gwynnarth]

I can confirm. The exporter outputs:

iptables_chain_packets_total{chain="INPUT",policy="ACCEPT",table="filter"} 8
iptables_chain_bytes_total{chain="INPUT",policy="ACCEPT",table="filter"} 480

for the following iptables-save --counter output:

$ iptables-save --counter
# Generated by iptables-save v1.8.9 (nf_tables) on Thu Apr 24 06:11:09 2025
*filter
:INPUT DROP [8:480]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
[...]