wg-quick nft instead of iptables

b13253 at gmail.com b13253 at gmail.com
Mon Dec 9 13:28:50 CET 2019


nft is a replacement for iptables, and some distributions (e.g.
Debian) prefer using nft since it is more capable and advanced.

I think it is important to use nft first if it is installed on the
system, then fall back to iptables, rather than in the opposite order.
I suggest that it is better to modify the patch to support iptables
just in case nft is not pre-installed on some distros.

Best regards


On Mon, Dec 9, 2019 at 6:59 PM Jörg Thalheim <joerg at thalheim.io> wrote:
>
>
> Have you tried if iptables-nftables-compat (might have different names,
> depending on the distribution) works for the rules used in wg-quick?
> It's a wrapper that translates iptables rules to nft transparently
> by providing an iptables executable.
>
>
> Julian Wollrath <jwollrath at web.de> writes:
>
> > Hi,
> >
> > with the newest snapshot wg-quick unfortunately requires iptables while
> > I only have nftables installed. The attached diff handles the rules
> > with nftables instead, maybe somebody finds it useful. The small caveat
> > is that the rule deletion might not work for everyone.
> >
> >
> > Cheers,
> > Julian
>

