Nftables rules

Hello, everyone.
A question about nftables: given the following iptables rule, how do I write the corresponding nftables rule?

iptables -t nat -A postrouting_wan_rule -j ACCEPT -m policy --dir out --pol ipsec --reqid 10 -m set --match-set ipset_table dst

https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables

Thanks for your reply.
But I tried many times to add it to the srcnat chain and failed; I don't know where I went wrong.
(Is the srcnat chain equivalent to the postrouting_wan_rule of iptables?)

It states that it is not supported. You need to find a supported way to achieve what you need, or maybe you are missing some modules/packages.

nft insert rule inet fw4 srcnat_wan ipsec out reqid 10 ip daddr @ipset_table accept

Insert (do not append) the rule into the srcnat_wan chain.

secpath is deprecated. You should use ipsec expressions.

The ipset_table set could be created in /etc/config/firewall using the standard uci syntax.

Here is a good article with some examples:

https://thermalcircle.de/doku.php?id=blog:linux:nftables_demystifying_ipsec_expressions

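As an added illustration (not part of the thread and not fw4's own ruleset), the following stand-alone nftables file shows how the iptables rule from the question maps onto the ipsec expression and a named set; the table name, the interface name eth0 and the set members are assumed.

```nftables
#!/usr/sbin/nft -f
# Added example: a self-contained ruleset demonstrating the nftables equivalent
# of "-m policy --dir out --pol ipsec --reqid 10 -m set --match-set ipset_table dst".
# On OpenWrt fw4 you would not load this file; the set is declared in
# /etc/config/firewall and only the single rule is inserted into the existing
# "inet fw4 srcnat_wan" chain. The ipsec expression needs nftables xfrm support
# in the kernel (nft_xfrm); a missing module is a common reason the rule fails.

table inet example {
    # Counterpart of the ipset named in the iptables rule. Members are constructed
    # sample values from the RFC 5737 documentation ranges.
    set ipset_table {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24, 198.51.100.10 }
    }

    chain srcnat_wan {
        type nat hook postrouting priority srcnat; policy accept;

        # "ipsec out reqid 10": the packet will be IPsec-encapsulated by the xfrm
        # policy with reqid 10 (same semantics as --dir out --pol ipsec --reqid 10).
        # "ip daddr @ipset_table": replaces the ipset destination match.
        # accept in a nat postrouting chain ends NAT evaluation, so tunnel traffic
        # is not masqueraded. It must sit before the masquerade rule, which is why
        # the thread uses "nft insert" rather than "nft add".
        oifname "eth0" ipsec out reqid 10 ip daddr @ipset_table accept

        # Ordinary source NAT for all other WAN traffic (assumed interface name).
        oifname "eth0" masquerade
    }
}
```

Load it on a generic nftables host with nft -f and inspect the result with nft list ruleset; on fw4, stick to the single nft insert command given above.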
