Questions tagged [nftables]

nftables is the Linux packet filtering framework, userspace utility and compatibility layer for {ip,ip6}tables, developed as the consolidated replacement for the existing {ip,ip6,arp,eb}tables frameworks.

219 questions
0 votes, 1 answer

Access control relying on nftables, WireGuard and Reverse Path Forwarding only

I have an idea to host a web app without built-in authentication on my server and protect it by nftables, WireGuard and Reverse Path Forwarding only. The web server will listen on the server's WireGuard interface address, 10.0.0.1 in this…
asked by Waiho
0 votes, 1 answer

Routing fwmark to VPN gateway using nftables mark

I'm trying to set up selective routing of traffic filtered by IP address over OpenVPN on my OpenWRT router. I have an OpenVPN profile up and working with the route-nopull option to disable setting the default gateway. The following commands are meant to…
0 votes, 0 answers

Firewall - nftables blocks outbound traffic

I've got a VM at a hosting service and installed a basic firewall with nftables. However, when it is active, all outbound traffic seems to get blocked. For example, when trying to ping google.com, I get a "No route to host" error. This occurs for any…
asked by Lithimlin
0 votes, 1 answer

nftables nat counter incomplete

I'm trying to learn nftables/NAT and have a simple experimental setup:
Machine1 (router):
- eth0 192.168.0.1
- eth1 192.168.1.1
Machine2:
- eth0 192.168.1.2
For Machine1 I set up NAT:
table ip nat {
    chain postrouting {
        …
asked by user236012
0 votes, 0 answers

Rewriting Packet Destination using iptables and nftables

I have a RHEL 7 (IP 192.168.0.10/24) and a RHEL 8 (IP 192.168.0.11/24) host, both of which are getting duplicated packets from a router which are intended for a different host (IP 192.168.1.10/24). How can I use iptables on the RHEL 7 host and nftables…
0 votes, 2 answers

Why does SSH hang when using the following nftables rules?

$ cat /etc/nftables.conf
#!/usr/sbin/nft -f
flush ruleset
table ip firewall {
    chain input {
        type filter hook input priority filter; policy drop;
        iif "lo" accept
        iif != "lo" ip daddr 127.0.0.0/8 drop
        tcp dport 22 accept
        ct…
asked by sunknudsen
0 votes, 1 answer

NAT with masquerade on different interfaces that access different networks with nftables

I have a server that is connected to two networks: 10.0.0.0/24 through interface wlan0 and 192.168.1.0/24 through interface eth0. I want to set up a WireGuard VPN to make both networks accessible from outside. I activated IP forwarding in my config…
asked by Maeln
0 votes, 1 answer

nftables natting with source IP

I have a server in a datacenter which is a Proxmox server. On the server (one of many, they are in a Proxmox cluster) I am hosting various VMs. Services on the VMs are exposed through iptables (using ufw) natting like the following example: -A…
asked by nobody
0 votes, 1 answer

How to open up traffic for IP protocol ESP via iptables?

I have been researching and wasn't able to find a definitive answer to the equivalent of the below in iptables:
apt install nftables
nft add rule inet filter input ip protocol esp counter accept
Is it as simple as doing this below or is there more to…
asked by Houman
0 votes, 3 answers

How to accelerate firewalld, or should it be abandoned for nftables instead?

We have a problem where we set up a server running a service and it is capable of hundreds of simultaneous connections on port 3535 (arbitrarily assigned for this application). We have firewalld running on this near-end host allowing connections…
asked by TekOps
0 votes, 1 answer

nftables loopback connections not working in CentOS 7

I have removed firewalld and installed nftables in CentOS 7 (kernel 3.10.0-1160.42.2.el7.x86_64). My ruleset is as follows:
# nft list ruleset
table ip my_table {
    set ssh_evils {
        type ipv4_addr
    }
    set…
asked by Chitholian
0 votes, 1 answer

How to redirect DNS requests to a remote systemd-resolved?

I was trying to make systemd-resolved act as a remote DNS caching server (I know it is not intended to do so). I changed net.ipv4.conf.br0.route_localnet to 1 and added the following nftables rules:
table ip nat {
    chain prerouting {
        …
asked by user762750
0 votes, 0 answers

Lots of `kernel: [ ] output chain dropped: IN= OUT=enp0s31f6` in `/var/log/messages`

I already disabled IPv6 on my Debian 10 system (mypc); the firewall is nftables. When I check /var/log/messages, there are lots of "kernel: [ ] output chain dropped" lines, as below:
Jul 13 11:03:14 mypc kernel: [ 8206.745775] output chain dropped: IN= OUT=enp0s31f6…
asked by kittygirl
0 votes, 2 answers

nftables forwarding from wlan0 to eth0, but nothing happens

I have a Raspberry Pi that's connected to a wireless router with wlan0, and there's a server that's connected to eth0. Both these connections work fine. The eth0 link between the Pi and the server is statically configured so that the Pi's eth0 has IP…
asked by manabreak
0 votes, 0 answers

nftables tproxy not working

I want to redirect all DNS traffic to a proxy. For that I set up the following rules in nftables:
chain prerouting {
    type filter hook prerouting priority mangle; policy accept;
    udp dport 53 tproxy to :1 accept
    tcp dport 53…