
replace iptables with nftables


enable IP forwarding (IPv4 and IPv6)

# /etc/sysctl.conf

# Let this host forward packets between its interfaces (act as a gateway).
# Without this, traffic that the nftables chain below lets through with
# `return` would be dropped by the kernel instead of routed onward.
net.ipv4.ip_forward=1
# IPv6 forwarding is enabled as well. NOTE(review): the ruleset in this post
# only defines a `table ip nat`, so IPv6 traffic is forwarded but never
# redirected to the proxy — confirm that is intended.
net.ipv6.conf.all.forwarding=1

install &amp; configure nftables

# Both commands need root privileges. The directory created here holds the
# include file that /etc/nftables.conf pulls in with `include`.
$ apt install nftables
$ mkdir /etc/nftables.conf.d

# /etc/nftables.conf.d/private.nft

# Destination ranges that must NOT be sent to the transparent proxy:
# RFC 1918 private space (10/8, 172.16/12, 192.168/16), "this network" (0/8),
# loopback (127/8), link-local (169.254/16), multicast (224/4) and the
# reserved block that also contains the limited broadcast address (240/4).
# NOTE(review): RFC 6598 shared address space (100.64.0.0/10, CGNAT) is not
# listed; traffic to such destinations will be redirected to the proxy.
define private_list = {
    0.0.0.0/8,
    10.0.0.0/8,
    127.0.0.0/8,
    169.254.0.0/16,
    172.16.0.0/12,
    192.168.0.0/16,
    224.0.0.0/4,
    240.0.0.0/4
}

# /etc/nftables.conf

#!/usr/sbin/nft -f

# Start from an empty ruleset: every existing table — including any that was
# loaded from elsewhere — is dropped before the rules in this file are added.
flush ruleset

# Brings the private_list define into scope for the nat table below.
include "/etc/nftables.conf.d/private.nft"

# IPv4-only NAT table implementing a transparent TCP proxy redirect.
table ip nat {
    # Regular (non-base) chain, entered only via the jump from prerouting.
    chain proxy {
        # Traffic to private/special destinations leaves this chain unchanged;
        # control goes back to prerouting, whose policy is accept.
        ip daddr $private_list return
            # Every other TCP packet is redirected to port 7892 on this host
            # (the proxy). Non-TCP traffic falls through untouched.
            # NOTE(review): there is no iif/iifname match, so this applies to
            # TCP arriving on ANY interface, including the upstream one —
            # consider restricting it to the LAN-facing interface.
            ip protocol tcp redirect to :7892
    }
    # Base chain hooked at nat prerouting; only hands off to `proxy`.
    chain prerouting {
        type nat hook prerouting priority 0; policy accept;
        jump proxy
    }
}