Thermalcircle

climbing the thermals

User Tools

Site Tools

linux:ipsec:example:ss1:nftables_ruleset

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
linux:ipsec:example:ss1:nftables_ruleset [2021-04-10] – html metatag robots noindex nofollow Andrej Stenderlinux:ipsec:example:ss1:nftables_ruleset [2022-01-30] (current) – refactored page structure, prep step Andrej Stender
Line 1: Line 1:
 ====== Nftables ruleset of Example Site-to-site VPN topology ====== ====== Nftables ruleset of Example Site-to-site VPN topology ======
-back to [[:blog:linux:nftables_ipsec_packet_flow|parent article]]+~~NOTOC~~
  
 {{ :linux:site-to-site-topo1.png?direct&600 |}} {{ :linux:site-to-site-topo1.png?direct&600 |}}
  
-===== r1 =====+===== Address-based VPN traffic distinction ===== 
 +The following are the complete Nftables rulesets for both VPN gateways ''r1'' and ''r2'' in the example setup described in article [[:blog:linux:nftables_ipsec_packet_flow|Nftables - Netfilter and VPN/IPsec packet flow]]. The distinction between VPN and non-VPN traffic is done based on the peer subnet addresses. 
 + 
 +==== r1 ====
 <code bash> <code bash>
 root@r1:~# nft list ruleset root@r1:~# nft list ruleset
Line 24: Line 27:
 </code> </code>
  
-===== r2 =====+==== r2 ====
 <code bash> <code bash>
 root@r2:~# nft list ruleset root@r2:~# nft list ruleset
linux/ipsec/example/ss1/nftables_ruleset.1618083228.txt.gz · Last modified: 2021-04-10 by Andrej Stender