On 4/24/19 13:56, Paul Fontenot wrote:
> Good afternoon,
>
> How would one force all traffic out of a particular interface? I am
> trying to force all traffic out of a vpn interface but I'm not having
> any luck - if I change the default policy from accept to drop and try
> this block below I get nothing :/
>
>     chain output {
>         type filter hook output priority 0; policy drop;
>         counter
>         oif { lo, tun0 } accept
>         oif { enp3s0f1, wlp2s0 } ip daddr 192.168.0.0/24 accept
>         oif { enp3s0f1, wlp2s0 } drop
>         oif { vmnet8 } accept
>     }
>
> Can I do what I'm trying to do with nftables or should I toss it and go
> back to iptables?
>
> Thanks,
> Paul

That is just dropping packets that are routed to that interface. You
want to change the routing table so that packets go to the VPN interface
to begin with, which is not done with nftables or iptables.
See ip-route(8).
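
The split the reply describes, as an added example that is not part of the original thread: routing chooses the outgoing interface, and the nftables output chain only acts as a backstop for anything still routed to the physical uplink. The script prints the commands and ruleset for review instead of running them; the gateway, VPN server address (a documentation-range placeholder), UDP port and table name are assumptions, and the interface names and LAN subnet are taken from the post.

```shell
#!/bin/sh
# Added example: prints a routing plan and a matching nftables ruleset.
# Every default below is an assumption; override through the environment.
VPN_IF=${VPN_IF:-tun0}
UPLINK_IF=${UPLINK_IF:-enp3s0f1}
UPLINK_GW=${UPLINK_GW:-192.168.0.1}      # assumed LAN gateway
VPN_SERVER=${VPN_SERVER:-203.0.113.10}   # placeholder, documentation range
VPN_PORT=${VPN_PORT:-1194}               # assumed UDP port of the tunnel
LAN=${LAN:-192.168.0.0/24}

# Routing decides which interface a packet leaves from (ip-route(8)).
route_plan() {
    # Pin the tunnel's own encrypted packets to the physical uplink first,
    # otherwise they would be routed into the tunnel that carries them.
    echo "ip route replace $VPN_SERVER/32 via $UPLINK_GW dev $UPLINK_IF"
    # Two /1 routes are more specific than the existing default route, so
    # they win without deleting it; the connected LAN route is untouched.
    echo "ip route replace 0.0.0.0/1 dev $VPN_IF"
    echo "ip route replace 128.0.0.0/1 dev $VPN_IF"
}

# Filtering is the backstop: if the tunnel drops and the /1 routes vanish,
# traffic falling back to the uplink is dropped instead of leaking.
filter_plan() {
    cat <<EOF
table inet vpnonly {
    chain output {
        type filter hook output priority 0; policy drop;
        oifname { "lo", "$VPN_IF" } accept
        oifname "$UPLINK_IF" ip daddr $LAN accept
        oifname "$UPLINK_IF" ip daddr $VPN_SERVER udp dport $VPN_PORT accept
    }
}
EOF
}

# Extract the egress device from one line of 'ip route get <addr>' output.
egress_if() {
    echo "$1" | sed -n 's/.* dev \([^ ]*\).*/\1/p'
}

route_plan
filter_plan
```

After applying the routes, `egress_if "$(ip route get 1.1.1.1 | head -n 1)"` should print the VPN interface for any off-LAN destination.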