linux:ipsec:example:ss1:nftables_ruleset
This is an old revision of the document!
Table of Contents
Nftables ruleset of Example Site-to-site VPN topology
back to parent article
r1
root@r1:~# nft list ruleset table ip nat { chain postrouting { type nat hook postrouting priority srcnat; policy accept; oif eth1 ip daddr 192.168.2.0/24 accept oif eth1 masquerade } } table ip filter { chain forward { type filter hook forward priority filter; policy drop; iif eth0 oif eth1 accept iif eth1 oif eth0 ct state established,related accept iif eth1 oif eth0 ip saddr 192.168.2.0/24 ct state new accept } }
r2
root@r2:~# nft list ruleset table ip nat { chain postrouting { type nat hook postrouting priority srcnat; policy accept; oif eth1 ip daddr 192.168.1.0/24 accept oif eth1 masquerade } } table ip filter { chain forward { type filter hook forward priority filter; policy drop; iif eth0 oif r2 accept iif eth1 oif r2 ct state established,related accept iif eth1 oif r2 ip saddr 192.168.1.0/24 ct state new accept } }
linux/ipsec/example/ss1/nftables_ruleset.1592853366.txt.gz ยท Last modified: 2020-06-22 by Andrej Stender