Questions tagged [nftables]

nftables is the Linux packet-filtering framework, its userspace utility (nft) and a compatibility layer for {ip,ip6}tables, developed as the consolidated replacement for the {ip,ip6,arp,eb}tables frameworks.

172 questions
2 votes, 1 answer

What is wrong with snat in nftables?

I have two virtual machines (server, client) with a WireGuard VPN. When I try to ping any IPv6 resource from the client, packets don't return to the client. Tcpdump shows me ICMP Reply packets on the enp0s3 interface (server), not on wg0 (the VPN interface on…
Sorcus
2 votes, 1 answer

nftables alternative command like iptables -L -n -v

Is there an alternative to the command iptables -L -n -v in nftables? I need the counters of packets that land on my firewall.
VANILKA
2 votes, 1 answer

nft bridge family ruleset not working

I have a Debian 11 server and I am running a Qemu/KVM virtual machine on it, created via Qemu commands. There is a bridge device on the server named br0 and the VM has a TAP device named vm0. I want to avoid MAC/IP spoofing by creating an nft…
Skipper
2 votes, 1 answer

iptables flushed on firewalld reload

I'm running Rocky Linux (RHEL 8 based) and am kind of struggling with firewalld and iptables. Well, not really iptables anyway… Let me explain. I set up a K8S cluster on VMware ESXi with six virtual machines, all the same. I need to have firewalld…
2 votes, 1 answer

iptables/nftables: how to exclude all forwarded traffic from connection tracking on a router?

A Linux box has multiple network interfaces. IP forwarding is enabled for IPv4 and IPv6. I would like to protect the services running on the router itself via a stateful firewall. For that, connection tracking needs to be enabled. At the same time,…
Sven
2 votes, 1 answer

Configure my Linux as a router: how do I enable port forwarding with nftables?

I'm trying to configure my Gentoo Linux as a router. This is my configuration so far. The WAN NIC is enp3s0 and the LAN NIC is enp1s0f0, accepting connections to ICMP, TCP ports 53, 22, 80, 443, 445, 5900 and UDP ports 53, 67, 68 from the LAN, accepting connection…
ufk
2 votes, 0 answers

Route an untagged VLAN to a tagged VLAN with nftables

I have played around a lot with nftables, but I have been stuck on this problem for the entire day. I have a wifi SSID that gets tagged VLAN 20. This part works, and I can see that dnsmasq is assigning IP addresses from this range: #VLAN…
techwreck
2 votes, 1 answer

Ping a host with dual IPs on one IP, echo returns from the other IP

I'm running Fedora 33 on a host (i5 CPU, 8 GB RAM, SSD and HDD) which is set up as a router; it has 5 NICs. I've managed to get dual internet gateways and dual LANs working reasonably well using nftables. One gateway is DSL with PPPoE, the other a…
Nibs Niven
2 votes, 1 answer

Switch from an existing firewalld configuration to nftables

I'm running a low-RAM VPS with CentOS 8. I've noticed that the firewalld service uses way too much RAM (up to 20%). So I guess it may be better to switch to using only the built-in nftables. I'm quite familiar with the old iptables as well as firewalld…
simon
2 votes, 2 answers

nft config to make a local NATed FTP server publicly available

Everything will be on an isolated network; security is not an issue. eth0 is connected to the "public" network, with its address assigned by DHCP. eth1 is connected to a "private network" server that provides SSH, telnet, "others" and FTP. This server will…
2 votes, 0 answers

How do I proxy all local traffic to 127.0.0.1:1080 using nftables tproxy?

On my Linux desktop, I want to surf the Internet through a proxy VPN. I already have a client for a transparent proxy listening on 127.0.0.1:1080. I want the traffic generated by local processes to pass through this client. I know that TProxy is only…
2 votes, 1 answer

Combined nftables rules for IPv4 and IPv6

One of the main advantages of nftables over iptables is "Simplified dual stack IPv4/IPv6 administration, through the new inet family that allows you to register base chains that see both IPv4 and IPv6 traffic." (from the netfilter website) I'm…
hosi
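The inet family the question quotes lets one base chain filter both address families, while family-specific matches (`ip …`, `ip6 …`) remain available inside it for the cases where the two stacks differ. The ruleset below is an added example, not code from the question or its answers; the interface name lo and the port list are assumptions chosen for illustration:

```nft
#!/usr/sbin/nft -f
# Added example: one inet table whose base chains see both IPv4 and IPv6.
flush ruleset

table inet filter {
    chain input {
        # Base chain on the input hook; one chain covers v4 and v6.
        type filter hook input priority 0; policy drop;

        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # Family-specific matches still work inside an inet chain.
        # ICMPv6 must not be dropped: neighbour discovery depends on it.
        ip protocol icmp accept
        ip6 nexthdr ipv6-icmp accept

        # Family-agnostic L4 matching applies to both stacks at once.
        tcp dport { 22, 80, 443 } ct state new accept

        # Count what the drop policy discards, for "nft list ruleset" inspection.
        counter comment "dropped by input policy"
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Check the file without loading it with `nft -c -f <file>`, then apply it with `nft -f <file>`; `nft list ruleset` afterwards shows the counter on the final rule, which is the nearest equivalent of the per-rule packet counts iptables -L -n -v used to print. Note that an inet chain does not replace per-family tables that already exist: an `ip filter` or `ip6 filter` table still runs alongside it, so migrating means removing the old tables rather than merely adding the new one.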
2 votes, 1 answer

iptables-like NETMAP with nftables

Using nftables, I need to NAT an entire subnet to another one, for example: 10.10.10.1 -> 10.200.0.1, 10.10.10.2 -> 10.200.0.2, ... 10.10.10.X -> 10.200.0.X. The nftables docs here show multiple NATs in one line, but how can I manage that use case if my…
ro-friday
2 votes, 2 answers

Nftables: how not to DNAT an IP on an interface (DNS)

I have been searching, but cannot seem to find an answer to my specific issue. I have the following rule today under prerouting: `iifname "br0" udp dport 53 counter dnat to 192.168.22.5:53` However, I have one issue: the IP address 192.168.22.5 is…
Henrik_er
2 votes, 0 answers

Flush old entries from an nftables meter list

I use nftables to do rate limiting: `chain input { type filter hook input priority 0; policy accept; tcp dport http ct state new jump rate-limit } chain rate-limit { meter httplimit4 { ip saddr limit rate 2/second burst 20 packets }`…
router