nftables
root@matellb:~# cat /etc/nftables.d/proxy.conf
#!/sbin/nft -f
# Ruleset for host matellb: forwards between a WireGuard interface (wg0) and a
# WAN interface (eth0), and DNATs two public addresses to 192.168.8.x backends.
# NOTE(review): interface roles are inferred from the chain comments below
# (wg0 = WireGuard/LAN side, eth0 = WAN side) -- confirm against the host's
# network configuration before tightening any rule.
# 'flush ruleset' discards every table currently loaded, including tables
# created by other tools, so after `nft -f` this file is the entire firewall.
flush ruleset
table ip filter {
# allow all packets sent by the firewall machine itself
# (no egress filtering at all: policy accept and no rules)
chain output {
type filter hook output priority 100; policy accept;
}
# allow LAN to firewall, disallow WAN to firewall
# NOTE(review): the "disallow WAN to firewall" part is not implemented. The
# chain policy is accept and the only rules are accepts, so every packet
# addressed to this host is accepted regardless of the interface it arrives
# on. Realising the stated intent would need 'policy drop' plus explicit
# accepts for lo, established/related traffic and whichever services must
# stay reachable from eth0 (presumably SSH and the WireGuard listening port);
# left unchanged here because the lockout risk cannot be judged from this
# file alone.
chain input {
type filter hook input priority 0; policy accept;
iifname "wg0" accept
iifname "eth0" accept   # accepts everything arriving on the WAN side; see note above
}
# allow packets from WG to WAN, and WAN to WG
# NOTE(review): with 'policy accept' these two rules are no-ops -- packets
# matching neither (eth0->eth0, or any other interface pair) are forwarded
# too. The DNAT'd connections from the prerouting chain below also traverse
# this chain and are accepted by the policy.
chain forward {
type filter hook forward priority 0; policy accept;
iifname "wg0" oifname "eth0" accept
iifname "eth0" oifname "wg0" accept
}
}
table ip nat {
# postrouting hook, priority 100 is the conventional srcnat priority
chain postrouting {
type nat hook postrouting priority 100; policy accept;
# Unconditional: every packet leaving on *any* interface gets its source
# address rewritten to that interface's address. This includes the DNAT'd
# connections to 192.168.8.10/.22, so those backends see this host rather
# than the original client as the source. If client addresses are needed at
# the backend (logging, rate limiting, allow-lists), restrict this to the
# WAN side, e.g. 'oifname "eth0" masquerade'.
masquerade
}
# prerouting hook (before the routing decision), priority -100 is the
# conventional dstnat priority
chain prerouting {
type nat hook prerouting priority -100; policy accept;
# Public address -> backend for TCP 80/443 only; the destination port is
# kept unchanged because 'dnat to' names no port.
ip daddr 128.140.47.251 tcp dport { 80, 443 } dnat to 192.168.8.10
ip daddr 116.202.187.170 tcp dport { 80, 443 } dnat to 192.168.8.22
}
}
