我正在尝试切换到 nftables 来设置一些端口转发。但是当我启用 nftables 服务时,它会禁用我的 wifi 连接。尝试连接到接入点时,我得到Error: Connection activation failed: (4) The device could not be readied for configuration.如果我禁用nftableswifi,启动并连接没有问题。为了尝试复制我的设置,我从工作状态执行以下操作:
sudo iptables-save > iptables.conf
sudo iptables-restore-translate -f iptables.conf > nftables.conf
sudo mv nftables.conf /etc/nftables.conf
sudo systemctl enable nftables
reboot
重启后,wifi 接口不会启动。以下是/etc/nftables.conf
table ip filter {
chain INPUT {
type filter hook input priority filter; policy accept;
udp dport 67 counter packets 0 bytes 0 accept
udp dport 5353 counter packets 0 bytes 0 accept
tcp dport 5353 counter packets 0 bytes 0 accept
}
chain FORWARD {
type filter hook forward priority filter; policy accept;
iifname "wlp82s0" ip daddr 192.168.12.0/24 counter packets 0 bytes 0 accept
iifname "ap0" ip saddr 192.168.12.0/24 counter packets 0 bytes 0 accept
}
chain OUTPUT {
type filter hook output priority filter; policy accept;
}
}
table ip nat {
chain PREROUTING {
type nat hook prerouting priority dstnat; policy accept;
ip saddr 192.168.12.0/24 ip daddr 192.168.12.1 udp dport 53 counter packets 0 bytes 0 redirect to :5353
ip saddr 192.168.12.0/24 ip daddr 192.168.12.1 tcp dport 53 counter packets 0 bytes 0 redirect to :5353
}
chain INPUT {
type nat hook input priority 100; policy accept;
}
chain OUTPUT {
type nat hook output priority -100; policy accept;
}
chain POSTROUTING {
type nat hook postrouting priority srcnat; policy accept;
oifname != "ap0" ip saddr 192.168.12.0/24 counter packets 0 bytes 0 masquerade
}
}
如果我运行systemctl disable nftables,然后重新启动,一切又会恢复正常。如何使用 nftables 复制我的工作路由表?