Thermalcircle.de

climbing the thermals


linux:ipsec:example:ss1:nftables_ruleset

Differences

This shows you the differences between two versions of the page.

linux:ipsec:example:ss1:nftables_ruleset [2020-06-22] – created Andrej Stender
linux:ipsec:example:ss1:nftables_ruleset [2022-01-30] (current) – refactored page structure, prep step Andrej Stender
Line 1: Line 1:
 ====== Nftables ruleset of Example Site-to-site VPN topology ====== ====== Nftables ruleset of Example Site-to-site VPN topology ======
-back to [[:blog:linux:nftables_ipsec_packet_flow|parent article]]+~~NOTOC~~
  
-{{ :wiki:linux:site-to-site-topo1.png?direct&600 |}}+{{ :linux:site-to-site-topo1.png?direct&600 |}}
  
-===== r1 =====+===== Address-based VPN traffic distinction ===== 
 +The following are the complete Nftables rulesets for both VPN gateways ''r1'' and ''r2'' in the example setup described in article [[:blog:linux:nftables_ipsec_packet_flow|Nftables - Netfilter and VPN/IPsec packet flow]]. The distinction between VPN and non-VPN traffic is done based on the peer subnet addresses. 
 + 
 +==== r1 ====
 <code bash> <code bash>
 root@r1:~# nft list ruleset root@r1:~# nft list ruleset
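Review bot: Check that site-to-site-topo1.png actually exists under the :linux: media namespace, since the embed in this hunk no longer points at :wiki:linux: and a missing file would drop the topology figure from the page. In the added intro paragraph, "The distinction between VPN and non-VPN traffic is done based on the peer subnet addresses" does not say which subnets are meant; naming them there, or pointing to the figure for them, would let a reader check the r1 and r2 rules against the addresses without opening the parent article.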
Line 24: Line 27:
 </code> </code>
  
-===== r2 =====+==== r2 ====
 <code bash> <code bash>
 root@r2:~# nft list ruleset root@r2:~# nft list ruleset
Line 43: Line 46:
 } }
 </code> </code>
- 
  
 {{htmlmetatags>metatag-robots=(noindex,nofollow)}} {{htmlmetatags>metatag-robots=(noindex,nofollow)}}
 +
linux/ipsec/example/ss1/nftables_ruleset.1592853366.txt.gz · Last modified: 2020-06-22 by Andrej Stender