Personal Blog of Andrej Stender, covering Linux and other topics.
Blog
Latest
Archive
Tags
My Profiles
GitHub
LinkedIn
Xing
Facebook
Misc
Legal Notice
Privacy Policy
About this Website
User Tools
Sidebar
linux:ipsec:example:ss1:nftables_ruleset
Table of Contents
Nftables ruleset of Example Site-to-site VPN topology
back to parent article
r1
root@r1:~# nft list ruleset table ip nat { chain postrouting { type nat hook postrouting priority srcnat; policy accept; oif eth1 ip daddr 192.168.2.0/24 accept oif eth1 masquerade } } table ip filter { chain forward { type filter hook forward priority filter; policy drop; iif eth0 oif eth1 accept iif eth1 oif eth0 ct state established,related accept iif eth1 oif eth0 ip saddr 192.168.2.0/24 ct state new accept } }
r2
root@r2:~# nft list ruleset table ip nat { chain postrouting { type nat hook postrouting priority srcnat; policy accept; oif eth1 ip daddr 192.168.1.0/24 accept oif eth1 masquerade } } table ip filter { chain forward { type filter hook forward priority filter; policy drop; iif eth0 oif r2 accept iif eth1 oif r2 ct state established,related accept iif eth1 oif r2 ip saddr 192.168.1.0/24 ct state new accept } }
linux/ipsec/example/ss1/nftables_ruleset.txt ยท Last modified: 2021-04-10 by Andrej Stender
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
