Incorrect rules in case if nftables is already present and activated #112
Comments
I have also changed my Debian 12 to nftables and unfortunately my WireGuard no longer works. The challenge was that I can't use the FORWARD chain because I use Docker. So you have to use DOCKER-USER, but there is a bug in Debian 12 nft/Docker: moby/moby#46147.

I wanted to have multiple instances of forward chains for easier management (i.e. drop the whole chain when the interface is stopped). If they have different priorities it should be possible, but I think it needs more testing. As for Docker, there is already a similar workaround for iptables. It probably needs to be mirrored to nftables.
NFT rules refactoring for easy-wg-quick own tables (#112)
I have rewritten the NFT setup. The updated implementation has been under review for three weeks and the changes have now been merged. Therefore, I am closing this issue. If you encounter any problems or have any concerns with the fix, please feel free to reopen the bug for further discussion and resolution.
Hello!
Thanks a lot for your script, but it took me a few hours to figure out why everything doesn't work as it should on a computer with nftables already activated. In this case these rules ARE incorrect, or the config is incomplete at least:
You should check for the presence of the "main" forwarding chain and add rules to it like:
or something similar. If something is found, then the CORRECT rules are:
You can leave your commands as they are; then you should add to the main forward chain something like `jump %i-forward`. I didn't check it out; it's the common nftables idea for extending standard filters: make a jump to custom filters.
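The check the post asks for, as an added example (not part of the original issue and not easy-wg-quick's own code): it reads JSON in the shape produced by `nft -j list ruleset` and reports forward-hook base chains in other tables whose default policy is drop. The sample ruleset, the table name `wg-example` and the function names are constructed for illustration.

```python
import json

# Constructed sample of `nft -j list ruleset` output (not taken from the issue):
# a pre-existing "inet filter" table with a drop-policy forward chain, plus a
# separate, hypothetical per-interface table that accepts tunnel traffic.
SAMPLE_RULESET = json.dumps({"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    {"table": {"family": "inet", "name": "filter"}},
    {"chain": {"family": "inet", "table": "filter", "name": "input",
               "type": "filter", "hook": "input", "prio": 0, "policy": "drop"}},
    {"chain": {"family": "inet", "table": "filter", "name": "forward",
               "type": "filter", "hook": "forward", "prio": 0, "policy": "drop"}},
    {"table": {"family": "inet", "name": "wg-example"}},
    {"chain": {"family": "inet", "table": "wg-example", "name": "wg0-forward",
               "type": "filter", "hook": "forward", "prio": -10,
               "policy": "accept"}},
    {"chain": {"family": "inet", "table": "wg-example", "name": "helper"}},
]})

IP_FAMILIES = ("ip", "ip6", "inet")  # families whose forward hook sees routed IP


def forward_base_chains(ruleset_json):
    """Return base chains hooked to 'forward', sorted in evaluation order."""
    chains = [obj["chain"] for obj in json.loads(ruleset_json)["nftables"]
              if "chain" in obj
              and obj["chain"].get("hook") == "forward"
              and obj["chain"]["family"] in IP_FAMILIES]
    return sorted(chains, key=lambda c: c["prio"])


def blocking_chains(ruleset_json, own_table):
    """Forward base chains outside own_table whose default policy is drop.

    An accept verdict only ends the current base chain; every other base chain
    on the same hook still evaluates the packet, and a drop there is final.
    Each chain returned needs its own accept rule for the tunnel traffic.
    """
    return [(c["family"], c["table"], c["name"], c["prio"])
            for c in forward_base_chains(ruleset_json)
            if c["table"] != own_table and c.get("policy") == "drop"]


if __name__ == "__main__":
    for family, table, name, prio in blocking_chains(SAMPLE_RULESET, "wg-example"):
        print(f"{family} {table} {name} (prio {prio}) drops by default; "
              "traffic accepted in wg-example is still dropped here")
```
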