Using nftables instead of iptables

Posted: Fri Jan 13, 2017 4:18 pm
by dj.dule
Hi,

I noticed that when I start vpnserver, the following iptables rules are added:

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- !127.164.127.124 !127.202.195.175 icmp port-unreachable connmark match ! 0x43c51593
DROP tcp -- !127.129.212.46 !127.107.205.206 tcp spts:61001:65535 flags:RST/RST connmark match ! 0x79a30f60

and it seems to me that if I remove them, vpnserver stops working. How can I use nftables instead of iptables?

Thanks...

Re: Using nftables instead of iptables

Posted: Thu Feb 02, 2017 6:16 am
by thisjun
Please try to disable RawIP mode SecureNAT.