I need to set up a laptop as a router: I use the wlan to connect to the internet and eth as a gateway for a device which doesn't have a wifi card.
I already configured dhcp on the eth; now I should redirect traffic with nftables:
```
#!/usr/sbin/nft -f
flush ruleset
table inet lan_to_wlan {
    # allow all packets sent by the machine itself
    chain output {
        type filter hook output priority 100; policy accept;
    }
    # allow LAN to WLAN, disallow WLAN to LAN
    chain input {
        type filter hook input priority 0; policy accept;
        iif "enp0s25" accept
        iif "wlo1" drop
    }
    # allow packets from LAN to WLAN, and WLAN to LAN if LAN initiated the connection
    chain forward {
        type filter hook forward priority 0; policy drop;
        iif "enp0s25" oif "wlo1" accept
        iif "wlo1" oif "enp0s25" ct state related,established accept
    }
}
```
Could it be OK?
GabrieleMax
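
A variant of the ruleset in the post, added here as an example and not written by the poster: the input chain accepts replies to the laptop's own connections before dropping other wlan traffic, and a masquerade rule lets the wired device share the laptop's wlan address. It assumes the interface names from the post, that IPv4 forwarding is enabled separately (`net.ipv4.ip_forward=1`), and that the upstream network has no route back to the wired subnet, which is why NAT is added.

```nft
#!/usr/sbin/nft -f
# Added example, not the poster's ruleset. Interface names are the ones in the post:
#   enp0s25 = wired LAN side, wlo1 = wireless uplink.
# Assumption: forwarding is enabled separately (sysctl net.ipv4.ip_forward=1).
flush ruleset

table inet lan_to_wlan {
    # allow all packets sent by the machine itself
    chain output {
        type filter hook output priority 100; policy accept;
    }

    # traffic addressed to the laptop itself (not forwarded traffic)
    chain input {
        type filter hook input priority 0; policy accept;
        # replies to connections the laptop opened over wlan (DNS, HTTP, ...)
        ct state established,related accept
        iif "enp0s25" accept
        # assumption: the uplink hands out addresses by DHCPv4 and uses IPv6
        # neighbour discovery; both arrive unsolicited from conntrack's view
        iif "wlo1" udp sport 67 udp dport 68 accept
        iif "wlo1" icmpv6 type { nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
        # everything else arriving from the wireless side is dropped
        iif "wlo1" drop
    }

    # LAN to WLAN always, WLAN to LAN only for connections the LAN started
    chain forward {
        type filter hook forward priority 0; policy drop;
        iif "enp0s25" oif "wlo1" accept
        iif "wlo1" oif "enp0s25" ct state related,established accept
    }
}

# IPv4 source NAT: packets leaving via wlo1 take the laptop's wlan address,
# so the upstream router needs no route to the wired subnet
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oif "wlo1" masquerade
    }
}
```

The file can be syntax-checked without loading it using `nft -c -f <file>`, and `nft list ruleset` shows what is active after loading.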