diff options
| author | Xiao Pan <xyz@flylightning.xyz> | 2025-07-30 23:18:50 +0800 |
|---|---|---|
| committer | Xiao Pan <xyz@flylightning.xyz> | 2025-07-30 23:18:50 +0800 |
| commit | cac2affdc1f907334036b4cc32164db1080b74df (patch) | |
| tree | ccd26ea4bf1877f7ab377d57cf9ad1469e91484f | |
| parent | 1c21c46c5acbe54e6e5e909a8f7b3c2537047f3f (diff) | |
use iifname so nft still work if interface does not exist
| -rw-r--r-- | configs/configs_root_dir/etc/nftables_phantun_wg_server.conf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/configs/configs_root_dir/etc/nftables_phantun_wg_server.conf b/configs/configs_root_dir/etc/nftables_phantun_wg_server.conf index 4c7d084..0d803d8 100644 --- a/configs/configs_root_dir/etc/nftables_phantun_wg_server.conf +++ b/configs/configs_root_dir/etc/nftables_phantun_wg_server.conf @@ -74,8 +74,8 @@ table inet nat { chain prerouting { type nat hook prerouting priority dstnat policy accept - iif $pub_iface tcp dport 59083 dnat ip to 10.0.2.2 - iif $pub_iface tcp dport 59083 dnat ip6 to fdc9:281f:04d7:9eeb::2 + iifname $pub_iface tcp dport 59083 dnat ip to 10.0.2.2 + iifname $pub_iface tcp dport 59083 dnat ip6 to fdc9:281f:04d7:9eeb::2 } # newer kernel no need for `chain prerouting { type nat hook prerouting priority -100; policy accept; }`, more see https://www.procustodibus.com/blog/2021/11/wireguard-nftables/ # for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface |