Nftables rules

Ask about nftables
Now the following iptables rules
How to write the corresponding nftables rules
iptables -t nat -A postrouting_wan_rule -j ACCEPT -m policy --dir out --pol ipsec --reqid 10 -m set --match-set ipset_table dst

thanks for your reply
But I tried many times to add to the srcnat chain, but failed, I don't know where I didn't do it well
(Is the srcnat chain equivalent to the postrouting_wan_rule of iptables ?)

It states that it is not supported. You need to find a supported way to achieve what you need, or maybe you are missing some modules/packages.

nft insert rule inet fw4 srcnat_wan ipsec out reqid 10 ip daddr @ipset_table accept

Insert (do not append) the rule into the srcnat_wan chain.

secpath is deprecated. You should use ipsec expressions.

The ipset_table set could be created in /etc/config/firewall using the standard uci syntax.

Here is a good article with some examples:


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.