^Bart
2023-07-19 14:08:42 UTC
Hello,
I'm trying to move from iptables to nftables, so I tried reading some of its
documentation and writing something, but I'm getting syntax errors. Here is the
content of my file:
#!/bin/bash
#Router script, forward wi-fi to eth for firewall update
#set static ip on eth0
ip a add XXX.XX.XXX.XXX/255.255.255.248 dev enp3s0
#set ipv4 forward
echo 1 > /proc/sys/net/ipv4/ip_forward
#set ip rules by iptables
#iptables -I FORWARD -i enp3s0 -o wlp2s0 -j ACCEPT
#iptables -t nat -I POSTROUTING -o wlp2s0 -j MASQUERADE
#load modules
modprobe nft_nat
modprobe nft_masq
#set ip rules with nftables version 1
nft add table inet gw
#nft flush table inet gw
nft add chain inet gw gw_chain '{ type filter hook input priority 0; }'
#nft flush chain inet gw gw_chain
nft add rule inet gw gw_chain ip filter FORWARD iifname "enp3s0" oifname "wlp2s0" accept
nft add rule inet gw gw_chain ip nat postrouting oifname "wlp2s0" masquerade
#set ip rules with nftables version 2
#nft add table inet gw
#nft flush table inet gw
#nft add chain inet gw gw_chain '{type filter hook input priority 0; }'
#nft flush chain inet gw gw_chain
#nft insert rule inet gw gw_chain ip filter FORWARD iifname "enp0s25" oifname "wlp2s0" counter accept
#nft insert rule inet gw gw_chain ip nat POSTROUTING oifname "wlp2s0" counter masquerade
As already mentioned, being "new" to nftables I have surely made a conceptual
error, but now I have to figure out which one... :\
Regards.
^Bart
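Added example, not the script from the post: the two commented-out iptables rules expressed as a single nftables ruleset, with the forwarding rules in a chain hooked at "forward" (an "input" hook only sees packets addressed to the router itself) and masquerade in a separate chain of type nat hooked at "postrouting", loaded atomically with `nft -f`. The interface names enp3s0/wlp2s0 come from the post; the table and chain names, the default-drop policy and the helper functions are my own choices.

```shell
#!/bin/sh
# Added example, not the script from the post. Forwarding rules must sit in a
# chain hooked at "forward"; the "input" hook only sees packets addressed to
# the router itself. Masquerade needs its own chain of type nat hooked at
# "postrouting". Table/chain names and the drop policy are my choices.
LAN_IF="${LAN_IF:-enp3s0}"   # interface names taken from the post
WAN_IF="${WAN_IF:-wlp2s0}"

# Emit the ruleset as text so it can be reviewed, syntax-checked, or loaded
# atomically with `nft -f` (one transaction, no half-applied state).
gw_ruleset() {
  cat <<EOF
table inet gw {
    chain gw_forward {
        # filter priority 0; drop anything that is not explicitly allowed
        type filter hook forward priority 0; policy drop;
        iifname "$LAN_IF" oifname "$WAN_IF" counter accept
        iifname "$WAN_IF" oifname "$LAN_IF" ct state established,related counter accept
    }
    chain gw_postrouting {
        # srcnat priority is 100; masquerade rewrites the source to $WAN_IF's address
        type nat hook postrouting priority 100;
        oifname "$WAN_IF" counter masquerade
    }
}
EOF
}

# Syntax check only (-c): needs nft installed but neither root nor the modules.
check_gw_ruleset() { gw_ruleset | nft -c -f -; }

# Apply: drop any previous copy of the table, then load the ruleset in one
# transaction. Also enables forwarding, which the post did by writing /proc.
apply_gw_ruleset() {
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  nft delete table inet gw 2>/dev/null || true
  gw_ruleset | nft -f -
}

case "${1:-print}" in
  print) gw_ruleset ;;
  check) check_gw_ruleset ;;
  apply) apply_gw_ruleset ;;
esac
```

Run it with `check` first to validate the syntax, then `apply` as root; `nft list table inet gw` afterwards shows the counters incrementing on the two chains.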