
Debian Buster notes

Russell-Jones edited this page Jul 28, 2019 · 1 revision
# Run as root. Installs the nft userspace tool and the nftables systemd unit.
apt install nftables
# "enable" only registers the unit for future boots; it does not load any
# rules now. The unit is expected to load /etc/nftables.conf at boot; confirm
# with `systemctl cat nftables.service`. Check the file with
# `nft -c -f /etc/nftables.conf` before relying on it.
systemctl enable nftables.service

/etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
# This turns the host into an IPv4 router for every interface, not only the
# tunnel. Which packets are actually forwarded is then decided solely by the
# forward chain in /etc/nftables.conf, so review that chain's policy together
# with this setting. Applied at boot, or immediately with `sysctl -p`.
net.ipv4.ip_forward=1

/etc/nftables.conf

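#!/usr/sbin/nft -f
#
# Ruleset for a host that forwards IPv4 traffic for tun* interfaces and
# masquerades it out of one external interface.
#
# Only "table ip" is defined: IPv6 traffic is not touched by this file.
# Counters are written as bare "counter" so they start at zero on every load
# instead of being seeded with values copied from an old `nft list ruleset`.

# Drop everything currently loaded so a reload does not stack duplicate rules.
# This also removes tables that other tools have installed.
flush ruleset

table ip filter {
	chain INPUT {
		# policy accept: every packet addressed to this host is accepted on
		# every interface. The rule below therefore only counts tun* traffic;
		# it does not restrict anything.
		# NOTE(review): this file does no inbound filtering. On an
		# Internet-facing host consider "policy drop" plus explicit allows
		# (loopback, established/related, management access, the VPN
		# listener). Test from a console session before making it permanent.
		type filter hook input priority 0; policy accept;
		iifname "tun*" counter accept
	}

	chain FORWARD {
		# policy accept combined with net.ipv4.ip_forward=1 forwards between
		# ANY pair of interfaces. The two rules only count the tunnel paths.
		# NOTE(review): with "policy drop" these two rules would still pass
		# tunnel traffic in both directions and everything else would stop
		# being routed. Confirm nothing else on the host relies on
		# forwarding before switching.
		type filter hook forward priority 0; policy accept;
		oifname "tun*" counter accept
		iifname "tun*" counter accept
	}

	chain OUTPUT {
		# No rules: locally generated traffic is unrestricted.
		type filter hook output priority 0; policy accept;
	}
}
table ip nat {
	chain PREROUTING {
		# Empty: no destination NAT or port forwarding is configured.
		type nat hook prerouting priority -100; policy accept;
	}

	chain INPUT {
		type nat hook input priority 100; policy accept;
	}

	chain POSTROUTING {
		type nat hook postrouting priority 100; policy accept;
		# "EXTERNAL_ADAPTER" is a placeholder: replace it with the name of the
		# outward-facing interface, otherwise the rule matches nothing and
		# tunnel clients get no source NAT.
		# The match is on the output interface only, so every forwarded
		# packet leaving through it is masqueraded, not just tunnel traffic.
		oifname "EXTERNAL_ADAPTER" counter masquerade
	}

	chain OUTPUT {
		type nat hook output priority -100; policy accept;
	}
}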
