Packet filtering framework, userspace utility and compatibility layer for {ip,ip6}tables, developed as a consolidated replacement for the existing {ip,ip6,arp,eb}tables frameworks.
Questions tagged [nftables]
219 questions
0 votes, 0 answers
Setup dynamic ip route via rules
I've got a setup like:
|<-->|---> server 1 <---|
clients <-| <--> proxy <-->
|<-->|---> server 2 <---|
Hope my ASCII art works :)
On my proxy I would like to be able to route back via the server, the…

Alfred Balle
- 409
- 3
- 9
- 22
0 votes, 1 answer
iif/oif and old fashioned Alias Addresses?
I have an eth0 on which I have created VLAN 2554 (using ip link add). And then I have added three addresses, giving each one a label (using ip address add ... label eth0.2554:99). And ip addr shows me:
3: eth0.2554@eth0:…

Chris Hall
- 191
- 1
- 1
- 7
0 votes, 1 answer
Fail2ban + nftables = stderr: 'Error: Could not process rule: No such file or directory'
I've got a problem combining fail2ban and nftables. My setup is "Debian 10 + fail2ban + nftables".
At the end there is a problem adding a new rule if someone is banned by fail2ban:
2020-09-15 17:38:26,078 fail2ban.utils [626]: Level 39…

Moritz
- 111
- 2
0 votes, 0 answers
nftables - One machine not able to access server
I am working on setting up my firewall on my server right now and it drives me crazy. I am using nftables and have the following ruleset:
table inet filter {
map whitelist {
type ipv4_addr . inet_service : verdict
…

realShadow
- 71
- 1
- 10
0 votes, 1 answer
NFTables Masquerade Not Working
I am trying to set up NFTables to forward traffic coming in on a specific UDP port to another server with a different IP address. However, it appears my masquerade rule isn't working. When I send packets to this specific UDP port, it attempts to…

Christian Deacon
- 43
- 1
- 6
0 votes, 0 answers
What's wrong with this nftables rule?
I'm playing around with nftables a little bit and I've set up this rule to block all traffic coming from 192.168.0.29.
The curious result, however, is that it blocks the pings, but I can still SSH from that respective host, in spite of the…

Daniel
- 101
- 1
-1 votes, 2 answers
nftables dnat forwarding is not working properly
Good day,
I am currently migrating from iptables to nftables.
The problem is my systemd containers are running behind NAT, but I want to forward ports like 443 or 80 to them.
There is no error message when I use the following set of commands, but…

TheGoliath
- 13
- 1
- 4
-1 votes, 1 answer
How can nftables be configured using a declarative specification?
How can nftables be configured using a declarative specification? I've been reading up on Firewalld, iptables commands, etc. I'm looking for a way to write the rules in JSON, YAML, TOML, etc. and just "apply" them.

Corey
- 2,031
- 12
- 39
- 54
-1 votes, 1 answer
IPv6 not working on Debian 11 with nftables/nginx
I'm running a webserver (nginx 1.21.6) on a Debian 11 system with nftables 0.9.8.
My nftables configuration is:
table inet filter {
chain input {
type filter hook input priority filter; policy drop;
ip saddr @spamhaus4 counter packets…

phonon112358
- 49
- 1
- 8