Настройка nftables
Просмотр правил:
# Print the complete active ruleset (all families, tables, chains and rules).
nft list ruleset
nft list ruleset
Загрузка правил из файла конфигурации:
# Load the file as one transaction: a syntax error aborts the whole load and
# the running ruleset stays unchanged; with "flush ruleset" at the top of the
# file the load replaces every existing rule.
nft -f nftables.conf
nft -f nftables.conf
Маскарадинг:
# Masquerade everything leaving enp0s25, whatever its source address.
# The config file below narrows this to "ip saddr 172.16.1.0/24"; prefer
# that form so only the LAN prefix is NATed.
nft add rule inet nat postrouting oifname enp0s25 masquerade
Проброс портов:
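# Forward WAN port 1080 to 172.16.1.115:80.
# In an "inet" family table the dnat statement needs the address family
# keyword and "to" ("dnat ip to ADDR:PORT"); the config file below uses
# the same form.
nft add rule inet nat prerouting meta iifname enp0s25 tcp dport 1080 dnat ip to 172.16.1.115:80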
Перезапись правил:
# Overwrite nftables.conf with the live ruleset. Note that "nft list ruleset"
# prints only tables/chains/rules, not the "#!/usr/sbin/nft -f" shebang or the
# "flush ruleset" line shown in the file below; re-add them before reloading
# with "nft -f", otherwise the load appends to what is already active.
nft list ruleset > nftables.conf
#!/usr/sbin/nft -f
# Drop every existing table first so the file describes the whole ruleset
# and re-running it does not duplicate rules.
flush ruleset
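table inet filter {
	# A hook chain without "policy" defaults to accept, so the original
	# empty chains filtered nothing. Stateful baseline for a NAT router.
	chain input {
		type filter hook input priority 0; policy drop;
		# Loopback and replies to connections this host opened itself.
		iif "lo" accept
		ct state established,related accept
		ct state invalid drop
		# Keep ICMP (path MTU discovery, IPv6 neighbour discovery) working.
		ip protocol icmp accept
		meta l4proto ipv6-icmp accept
		# Management access from the LAN. The prefix is the one the
		# masquerade rule in table nat uses; adjust if the LAN differs
		# or if administration happens from elsewhere.
		ip saddr 172.16.1.0/24 accept
	}
	chain forward {
		type filter hook forward priority 0; policy drop;
		ct state established,related accept
		ct state invalid drop
		# LAN -> WAN; the nat table masquerades this traffic.
		oifname "enp0s25" ip saddr 172.16.1.0/24 accept
		# Inbound from the WAN only when a dnat rule already picked it.
		iifname "enp0s25" ct status dnat accept
	}
	chain output {
		type filter hook output priority 0; policy accept;
	}
}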
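table inet nat {
	chain prerouting {
		type nat hook prerouting priority 0; policy accept;
		# Port forward WAN:80 -> 172.16.1.115:80. An "inet" table needs
		# the "ip" family keyword before "to".
		iifname "enp0s25" tcp dport { 80 } dnat ip to 172.16.1.115:80
	}
	chain postrouting {
		type nat hook postrouting priority 100; policy accept;
		# Match by interface name like the prerouting rule: "oif" binds the
		# interface index when the file is loaded, so the rule cannot load
		# while the interface is absent and is not expected to follow a
		# re-created interface.
		oifname "enp0s25" ip saddr 172.16.1.0/24 masquerade
	}
	chain output {
		type nat hook output priority 0; policy accept;
	}
}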
# Drop every existing table first so the file describes the whole ruleset
# and re-running it does not duplicate rules.
flush ruleset
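table inet filter {
	# A hook chain without "policy" defaults to accept, so the original
	# empty chains filtered nothing. Stateful baseline for a NAT router.
	chain input {
		type filter hook input priority 0; policy drop;
		# Loopback and replies to connections this host opened itself.
		iif "lo" accept
		ct state established,related accept
		ct state invalid drop
		# Keep ICMP (path MTU discovery, IPv6 neighbour discovery) working.
		ip protocol icmp accept
		meta l4proto ipv6-icmp accept
		# Management access from the LAN. The prefix is the one the
		# masquerade rule in table nat uses; adjust if the LAN differs
		# or if administration happens from elsewhere.
		ip saddr 172.16.1.0/24 accept
	}
	chain forward {
		type filter hook forward priority 0; policy drop;
		ct state established,related accept
		ct state invalid drop
		# LAN -> WAN; the nat table masquerades this traffic.
		oifname "enp0s25" ip saddr 172.16.1.0/24 accept
		# Inbound from the WAN only when a dnat rule already picked it.
		iifname "enp0s25" ct status dnat accept
	}
	chain output {
		type filter hook output priority 0; policy accept;
	}
}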
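table inet nat {
	chain prerouting {
		type nat hook prerouting priority 0; policy accept;
		# Port forward WAN:80 -> 172.16.1.115:80. An "inet" table needs
		# the "ip" family keyword before "to".
		iifname "enp0s25" tcp dport { 80 } dnat ip to 172.16.1.115:80
	}
	chain postrouting {
		type nat hook postrouting priority 100; policy accept;
		# Match by interface name like the prerouting rule: "oif" binds the
		# interface index when the file is loaded, so the rule cannot load
		# while the interface is absent and is not expected to follow a
		# re-created interface.
		oifname "enp0s25" ip saddr 172.16.1.0/24 masquerade
	}
	chain output {
		type nat hook output priority 0; policy accept;
	}
}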