Packet filtering framework, userspace utility and compatibility layer for {ip,ip6}tables, developed as a consolidated replacement for the existing {ip,ip6,arp,eb}tables frameworks
Questions tagged [nftables]
219 questions
0
votes
1 answer
nftables - redirect port internally
I'm moving from Windows to Debian 10, and on Windows I'm using portproxy to re-route a port
netsh interface portproxy add v4tov4 listenport=9800
listenaddress=127.0.0.1 connectport=9078 connectaddress=127.0.0.1
I now need to do the above with…

Quade
0
votes
1 answer
nftables define statement won't accept ipv6 addresses
I am unable to create an ip set (precisely, a subnet set) with the define statement in nftables
nft -f rc.nftables
rc.nftables:5:17-34: Error: Could not resolve hostname: Address family for hostname not supported
define lov6 = {…

meh
0
votes
2 answers
Is fail2ban working without firewalld?
Do I need firewalld for fail2ban to work?
Can fail2ban block IPs with iptables only?
I've installed iptables-service on a CentOS 8 vps. I use nftables v0.9.3 (Topsy) to restrict/grant access. Firewalld is stopped and not running, but I guess…

zippy-flop
0
votes
1 answer
position and override the default nftables rules
I recently installed CentOS 8 on a virtual machine to try nftables as a replacement for iptables.
I installed it by choosing the full server with GUI option.
With nft list ruleset I have a long output with various rules that I don't need, I want to…
0
votes
1 answer
nftables queue with script
I am learning nftables and the goal is to filter packets based on ip and port destination. They have to be enqueued to userspace where my script will change the payload field and send out the packet to destination.
The following rule enqueue…

luke
0
votes
1 answer
How should I further troubleshoot port 53 incoming network connections?
I have a Debian 10 Buster server connected to a fiber Internet connection. I'm attempting to run a DNS service on port 53 of the server. What tools or techniques should I use to determine why packets are not arriving at my DNS service on the…

EliRibble
0
votes
1 answer
nftables - how to log only specific type of traffic
My nftables.conf file looks like this.
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority 0;
# allow connecting to loopback interface
iifname…

beepbeep
0
votes
1 answer
Podman fails to add container to a pod [firewalld, nftables]
I can't start a podman container, nor can I add a container to a pod on CentOS 8.
I've tried the usual actions, e.g.:
Made sure I am starting with clean state:
sudo podman system reset which has deleted all images, containers, etc.
sudo podman run -dt…

mikitk
0
votes
0 answers
Limit traffic to any one device with nftables meters
I have a Linux server (up-to-date Debian Buster) acting as a firewall/router to share an Internet connection among several Windows 10 and Ubuntu Linux workstations (5-10, no more than that). Since the LAN is quite a bit faster than the Internet…

qid
0
votes
0 answers
GLOBAL lockout of ALL external incoming access attempts
I have stripped down my /etc/services file to bare minimum (according to my awareness of what is needed) for a Linux DESKTOP configuration accessing remote services and offering no services to remote clients.
Notwithstanding that, knowing I might…

Eric Marceau
0
votes
1 answer
nftables mangling without NOTRACK: what can happen?
I'm experimenting with stateless NAT using nftables. On the page about statelessly mangling protocol fields, the author says:
Keep in mind the interactions with conntrack, flows with mangled traffic must be untracked
Out of curiosity, what are…

Einheri
0
votes
1 answer
Routing with nftables (Fedora33, nmcli, brctl)
A/ Host (Fedora 33) with Ethernet if eth0. ip 192.168.18.11(/24)
and
B1/ Kvm guest with if vnet0 enslaved to virbr101. ip 192.168.101.88(/24) (manual routing, static IP)
or
B2/ Kvm guest with if vnet1 enslaved to virbr102. ip 192.168.102.210(/24)…

asoundmove
0
votes
2 answers
Linux bind DNS Server is being targeted in a DNS Amplification attack
I have a Linux bind DNS Server which is being targeted in a DNS Amplification attack.
I have applied DNS Response Rate Limiting and blocking of source IP Addresses, which has solved the immediate problem of excessive IP traffic from the…

Dale
0
votes
0 answers
Nftables, ssh server behind firewall. Pre/Post Routing
I want to make post- and prerouting rules to allow the following: I have an ssh server running on the internal network at port 22 that I want to make available externally on say port 2200. How would I proceed to make this possible?
I have the…

Henrik_er
0
votes
2 answers
Using nftables to forward HTTP(s) traffic to VM guest without masquerade
I am currently in the process of setting secure as possible KVM based server. The VM host should be more or less invisible to the internet and only VM guests running single services should be exposed.
VM guests should have no internet access (--> no…

Kound