nftables setting#

last update 2025/10/20

setting#

overview#

Use nftables to control which sources may reach the VPN port on the server and to configure routing to wg0.

setup#

config

config#

/etc/sysconfig/nftables.conf#
 1flush ruleset
 2
 3table ip filter {
 4   chain INPUT {
 5      type filter hook input priority 0; policy drop;
 6
 7      ct state established,related counter accept
 8      ct state new udp dport 51820 ip saddr @country_accept counter accept
 9   }
10   chain FORWARD {
11      type filter hook forward priority 0; policy accept;
12      iifname "wg0" accept;
13      tcp flags syn tcp option maxseg size set 1240;
14   }
15   chain OUTPUT {
16      type filter hook output priority 0; policy accept;
17   }
18}
19table ip nat {
20   chain prerouting {
21      type nat hook prerouting priority 0;
22   }
23   chain postrouting {
24      type nat hook postrouting priority 0;
25   ip saddr 172.16.0.0/24 oifname "<nic>" masquerade;
26   }
27}

start nftables#

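# Validate the ruleset before activating it. A file that fails to parse
# (for example, a rule referencing a set that is never defined) must not
# be enabled: after a reboot the service would fail and the host would
# come up without any firewall.
#
# Note: INPUT policy is drop and only the WireGuard port is opened, so run
# this from a console/out-of-band session or add an admin-access rule
# first. The current SSH session survives (conntrack sees it as
# established), but new remote logins will be refused.
nft -c -f /etc/sysconfig/nftables.conf \
  && systemctl enable --now nftables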