Differences
This shows you the differences between two versions of the page.
linux_router:nftables [2023-09-19 Tue wk38 19:59] – [Sample NFTables configuration] baumkp | linux_router:nftables [2024-06-16 Sun wk24 12:06] – [Router Configuration] baumkp | ||
---|---|---|---|
Line 1: | Line 1: | ||
{{tag> | {{tag> | ||
=====NFTables Configuration===== | =====NFTables Configuration===== | ||
+ | ====Router Configuration==== | ||
+ | <fc # | ||
+ | A router performs the following key features: | ||
+ | - A gateway between different network areas | ||
+ | - Restrict network traffic | ||
+ | - Forward Network traffic | ||
+ | - Track network traffic, allows traffic incoming only if response to out going (one way traffic) This is primary firewall action and primary security action! This is often confused with NAT, NAT is additional to this! | ||
+ | - NAT (Network Address Translation) is basically mandatory for IPv4 due to limited address space and optional for IPv6 | ||
+ | - NAT obfuscates Local IP addresses behind public addressable WAN IP address(es). | ||
+ | - NAT obfuscation wrecks simple end to end IP addressing that is required for some services, e.g. VoIP. This requires additional services to compensate, e.g. STUN/TURN services. | ||
+ | Key networks services, such as DNS and DHCP are separate functions that a router may perform, although correct router setup is required to allow these services to function. | ||
The best reference for nftables is at the dedicated wiki [[https:// | The best reference for nftables is at the dedicated wiki [[https:// | ||
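Review bot: the feature-list item "Track network traffic, allows traffic incoming only if response to out going (one way traffic)" is the one the new section calls the primary firewall and security action, yet it never names the mechanism; calling it stateful connection tracking (conntrack, which nftables exposes through its ct state match) would make the distinction from NAT that the item insists on much clearer to a reader. Two smaller points in the same list: "out going" should be "outgoing", and the items "NAT obfuscates Local IP addresses ..." and "NAT obfuscation wrecks simple end to end IP addressing ..." are elaborations of the NAT item rather than separate router features, so nesting them under it would keep the list to one feature per entry.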
Line 7: | Line 18: | ||
Dont forget to ensure the router is allowed to forward packets: | Dont forget to ensure the router is allowed to forward packets: | ||
- | * '' | + | * '' |
- | * '' | + | * '' |
* '' | * '' | ||
====Sample NFTables configuration==== | ====Sample NFTables configuration==== | ||
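Review bot: the two changed bullets under "Dont forget to ensure the router is allowed to forward packets" show only empty '' code markers on both sides of the diff, so neither the forwarding keys nor the values that were changed are visible here; please confirm the rendered page carries the actual sysctl settings, since a router whose forwarding is left disabled silently drops everything the ruleset is written to forward. Minor: "Dont" should read "Don't".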
Line 273: | Line 284: | ||
++++mail server ports:| | ++++mail server ports:| | ||
- | * smtp {25} / smtps {465} | + | * smtp {25} / (smtps) submissions |
- | * imap {143} / imaps {993} (My mail server uses starttls | + | * imap {143} / imaps {993} - (My mail server uses starttls |
- | * | + | * pop3 {110} / pop3s {995} - who still uses pop3? |
+ | '' | ||
++++ | ++++ | ||
===Some configuration notes=== | ===Some configuration notes=== |
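Review bot: the new line "* smtp {25} / (smtps) submissions" drops the port number that the previous revision carried as "smtps {465}", while every other entry in the list still gives its port in braces; restore it so the entry reads consistently, e.g. "(smtps) submissions {465}". The imap/imaps line is cut off after "My mail server uses starttls" in both revisions, leaving the parenthesis unclosed, and the added '' line below the pop3 entry is empty, so it is unclear what it was meant to show.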