Questions tagged [nftables]
219 questions
nftables: packet filtering framework, userspace utility and compatibility layer for {ip,ip6}tables, developed as a consolidated replacement for the existing {ip,ip6,arp,eb}tables frameworks
1 vote, 0 answers
nftables access to LXD container
My plan is to provide a Nextcloud container and an ONLYOFFICE container.
I have an Ubuntu LTS server system running.
There are several LXD containers running.
I can access all containers with a browser via their defined ports, configured by…

fruitystones
0 votes, 1 answer
How to allow source IP to specific port
I want to allow IP 1.2.3.4 on port 3306 with nftables, but I was not able to find out how to actually insert the port?
I was trying something like nft insert saddr 1.2.3.4.5 ip daddr server_ip accept

Delirium
0 votes, 1 answer
Port redirect for all interfaces with nft (nftables)
I have a relatively simple requirement that I want to solve with nft (nftables). It is to redirect all incoming packets from port 445 to port 1445. This should be done for all network interfaces.
My current implementation only works locally and not…

Ben
0 votes, 0 answers
How to connect from one WAN to the other on single machine and VM network?
I have a quite complicated network setup, but I am also a newbie in routing and similar topics.
My ISP is providing several static IPs via PPPoE, let's call them IP0, IP1, IP2, IP3 and so on. IP0 is assigned to the router, and provided to the entire…
user554684
0 votes, 1 answer
Typical port forwarding with nftables example
I want to connect to a virtual VM hosted by the server 1.2.3.4 using ssh.
The IP of the VM is 10.10.10.100.
"nft list ruleset" prints:
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
iif "lo"…

Hamatoma
0 votes, 2 answers
nftables named sets that match subnet using filter or variables
I want to match a set of networks by providing a subnet mask. Anonymous sets work but I want to create a predefined set to reuse it when needed.
nft add set filter AllowedSSH { type ipv4_addr\;} // type for addresses
nft add element filter AllowedSSH…

dangquan091
0 votes, 0 answers
Nftables Ruleset Fails to Apply Properly on Boot
Ubuntu 18.04.1.
The exact same ruleset file produces different behaviour whether loaded by the system at boot (broken), or loaded manually after boot (works correctly).
Specifically, when loaded at boot, nft appears to identify the traffic in…

robut
0 votes, 1 answer
Filter traffic from IPv4 to IPv6 and vice versa
I've tried to filter (using nftables, but I'm open to a change if it works using iptables) traffic coming from an IPv4 network to an IPv6 network, but can't figure out how to do it.
Suppose I have a file with this rule:
table inet filter {
…

Nisse
0 votes, 1 answer
nftables configuration - allow MAC on TCP port
I'm new to firewalls etc. I read the nftables quick reference.
How to allow only my MAC address (my device - laptop, phone etc.), i.e. allow my MAC to access the SSH port (port 22)?
I tried this:
ether saddr 00:00:00:00:00 tcp dport 22 accept;tcp 11:11:11:11:11…

gcboard
0 votes, 0 answers
SSL Certificates blocked by VPN?
I have a server that hosts a website delivered via https on port 443. The website is not directly open to the public internet, but traffic is routed via a VPN from an EC2 instance that has a public facing IP.
The website can be accessed from the…

vascowhite
0 votes, 0 answers
Use nftables to set up IPv6 NAT to IPv4
I am working on setting up a number of EC2 instances with IPv6-only networking.
A few of these servers require occasional access to IPv4-only resources controlled by third-parties.
Amazon has a blog post from February 2022 about using NAT Gateway…

Moshe Katz
0 votes, 1 answer
nftables netdev rewrite - what am I doing wrong?
[EDITED] I'm receiving ERSPAN-encapsulated traffic on a physical interface and need to process just a small part of it. In order to do this, I'm decapsulating the traffic on a local tunnel interface:
ip link add dev inspan type erspan seq key 10 local…

Volodymyr Litovka
0 votes, 1 answer
nftables masquerading is not working
I've a laptop (172.16.0.2) and a desktop PC (172.16.0.1). The phone is connected to the PC in USB modem mode, and it appears as the enp5s0f3u1 interface. I've set up masquerading through nftables so that the laptop can access the internet through…

BlitDev
0 votes, 0 answers
nftables DNAT from external to internal interface and a different port that the web server is bound to, how?
There is a multihomed Ubuntu 22.04 host: internal 192.168.0.99/24, external 12.12.12.12/29 (for example), also acting as gateway.
Everything works, including internet access from the server as well as from the LAN behind it, that is, IP forwarding is on, SNAT is set…
0 votes, 0 answers
nftables Rules for ProxyChains-over-Tor
I am trying to configure nftables rules for ProxyChains-over-Tor, so that:
My system --> Tor SOCKS5 proxy --> HTTP proxy --> Internet
My system can only communicate with Tor SOCKS5 proxy
Tor SOCKS5 proxy can only communicate with my system and the…

user73q3277y23