Hi...

To control my outgoing traffic, I've redirected it to a local proxy like this:

    iptables -t nat -A OUTPUT -p tcp --dport XX -m owner --uid-owner imran -j DNAT --to 127.0.0.1:YY

What's its equivalent on nftables?

As I explore my options, I've tried the following without success. Is DNAT on Output unsupported on nftables? I'm on Kernel 4.6.4. Looking at Arch Linux default kernel config, I see everything is included for netfilter/nftables/iptables, etc.

Thanks for your comments...

    chain out {
        type filter hook output priority 0; policy drop;
        meta skuid imran tcp dport XX counter dnat 127.0.0.1:YY # jump natout
    }
    # Gives error with DNAT
    # If I change DNAT with JUMP, error is gone. But it doesn't do anything.

    chain natout {
        tcp dport XX counter dnat 127.0.0.1:YY # counts nothing!
        counter # counts same as the counter at out
    }
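
For reference, an added example that is not part of the original post: nftables accepts a dnat statement only in a chain of type nat, so the counterpart of the iptables nat OUTPUT rule is a nat base chain on the output hook rather than a filter chain. The table and chain names, and the ports 80 and 8080 standing in for XX and YY, are assumptions chosen for illustration.

```nftables
# Added example. Table/chain names are arbitrary; 80 and 8080 are
# constructed values standing in for the post's XX and YY.
table ip proxy_nat {
    chain output {
        # "type nat" is what makes dnat legal here. The output hook sees
        # locally generated packets, like iptables' "-t nat -A OUTPUT".
        # Priority -100 is the conventional value for destination NAT.
        type nat hook output priority -100; policy accept;

        # Match on the socket owner, then rewrite the destination.
        # The post writes the statement without the "to" keyword.
        # The proxy itself should run under a different uid, otherwise
        # its own outgoing connections match this rule as well.
        meta skuid "imran" tcp dport 80 counter dnat to 127.0.0.1:8080
    }

    # On kernels before 4.18 the NAT engine runs only at hooks where a
    # nat chain is registered, so empty chains are registered here to let
    # reply packets be translated back. They are harmless on newer kernels.
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
    }
}
```

Load it with `nft -f <file>` and watch the counter with `nft list table ip proxy_nat`; only the first packet of each connection passes through a nat chain, so the counter tracks new connections, not packets.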