I don't think I explained this very well. The VPN handles all the
routing as it should once I'm connected. What I am attempting to do is
block all outbound traffic if tun0 disappears - VPN fails. I did this
before using iptables and it works very well; I'm just trying to learn
something new with nftables and I'm not sure how to do this. If nftables
can't do it I'll just go back to iptables.
On 4/24/19 12:27 PM, Anton Danilov wrote:
Hi.
The firewall doesn't change the routing decision directly, but you can use
policy-based routing and firewall marks to change the route of packets.
On Wed, 24 Apr 2019 at 20:58, Paul Fontenot <wpfontenot@xxxxxxxxxxx> wrote:
Good afternoon,
How would one force all traffic out of a particular interface? I am
trying to force all traffic out of a vpn interface but I'm not having
any luck - if I change the default policy from accept to drop and try
this block below I get nothing :/
    chain output {
        type filter hook output priority 0; policy drop;
        counter
        oif { lo, tun0 } accept
        oif { enp3s0f1, wlp2s0 } ip daddr 192.168.0.0/24 accept
        oif { enp3s0f1, wlp2s0 } drop
        oif { vmnet8 } accept
    }
Can I do what I'm trying to do with nftables or should I toss it and go
back to iptables?
Thanks,
Paul
--
Anton.
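The "drop everything once tun0 is gone" behaviour Paul asks for, written out as an added example (not code from the thread or from the nftables project). It keeps his interface names and LAN; the VPN endpoint 203.0.113.10 udp/1194 is an assumed placeholder. The one change that matters is oifname instead of oif: oif matches an interface index that nft resolves at load time, so the rule cannot be loaded while tun0 is absent and stops matching when the tunnel is recreated with a new index, whereas oifname compares the name per packet.

```nft
#!/usr/sbin/nft -f
# Added example, not from the thread. Interface names (tun0, enp3s0f1,
# wlp2s0, vmnet8) and the LAN 192.168.0.0/24 come from Paul's message;
# the VPN endpoint 203.0.113.10 udp/1194 is a PLACEHOLDER to replace.
#
# oif matches the interface *index*, resolved when the rule is loaded,
# so it fails to load while tun0 is absent and goes stale when the
# tunnel comes back with a new index. oifname compares the name on
# every packet, so the rules survive the tunnel going up and down.

# Replaces the whole ruleset; remove this line if other tables must survive.
flush ruleset

table inet killswitch {
    chain output {
        type filter hook output priority 0; policy drop;

        # Loopback and the tunnel are the only unconditional exits.
        oifname { "lo", "tun0" } accept

        # Local LAN stays reachable over the physical NICs.
        oifname { "enp3s0f1", "wlp2s0" } ip daddr 192.168.0.0/24 accept

        # The VPN client itself must reach its server over a physical NIC,
        # otherwise the tunnel can never be (re)established. Placeholder.
        oifname { "enp3s0f1", "wlp2s0" } ip daddr 203.0.113.10 udp dport 1194 accept

        # Anything else leaving a physical NIC is a leak: count it, then drop.
        # No "ct state established accept" here on purpose, so a flow that
        # gets re-routed off the tunnel is not waved through by its state.
        oifname { "enp3s0f1", "wlp2s0" } counter drop

        oifname "vmnet8" accept
    }
}
```

Load it with `nft -f` and watch `nft list ruleset`: the counter on the physical-NIC drop rule climbing after tun0 vanishes is the sign that something tried to leak and was stopped.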