I have a WireGuard interface configured in a dedicated namespace vpn. It is configured by first creating the interface in the main namespace (which has access to the physical interface routing to the Internet, `eno1`), then moving the WireGuard interface `wg0` to the vpn namespace (Reference [1]).

The ruleset I've configured on the main, "physical", namespace disallows traffic going over the VPN. Can you please help tweak my configuration to allow traffic going out / in from the `wg0` interface in the vpn namespace?

Same question for StackExchange rep for those who might care: https://superuser.com/questions/1746449/how-to-allow-traffic-over-vpn-across-namespaces-using-nftables

[1]: https://www.wireguard.com/netns/#the-new-namespace-solution

--- Ruleset ---

    sudo nft -a list table inet filter
    table inet filter { # handle 15
        set blackhole { # handle 4
            type ipv4_addr
            elements = { 224.0.0.1, 224.0.0.251, 255.255.255.255 }
        }

        set in_tcp_accept { # handle 5
            type inet_service
            flags interval
            elements = { 22 }
        }

        set ip6blackhole { # handle 6
            type ipv6_addr
            elements = { ff02::16 }
        }

        set out_tcp_accept { # handle 7
            type inet_service
            flags interval
            elements = { 80, 443, 11371 }
        }

        set out_udp_accept { # handle 8
            type inet_service
            flags interval
            elements = { 53, 67, 123 }
        }

        chain global { # handle 1
            ct state established,related accept # handle 12
            ct state invalid drop # handle 13
        }

        chain input { # handle 2
            type filter hook input priority filter; policy drop;
            jump global # handle 14
            ip daddr @blackhole counter packets 0 bytes 0 drop # handle 15
            ip6 daddr @ip6blackhole counter packets 0 bytes 0 drop # handle 16
            iif "lo" accept # handle 17
            meta l4proto { icmp, ipv6-icmp } accept # handle 18
            tcp dport @in_tcp_accept ct state new accept # handle 19
            tcp dport { 80, 443 } ct state new accept # handle 20
            udp dport 51821 accept # handle 21
        }

        chain output { # handle 3
            type filter hook output priority filter; policy drop;
            jump global # handle 22
            oif "lo" accept # handle 23
            ip protocol icmp accept # handle 24
            ip6 nexthdr ipv6-icmp counter packets 3 bytes 192 accept # handle 25
            udp dport @out_udp_accept ct state new accept # handle 26
            tcp dport @out_tcp_accept ct state new accept # handle 27
            tcp sport 22 tcp flags { rst, psh | ack } counter packets 44 bytes 6052 accept # handle 28
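
An added example, not part of the original post: a rule file for the main namespace that lets WireGuard's encrypted UDP packets leave through the `output` chain shown above, whose `policy drop` only admits new UDP to ports 53, 67 and 123. It assumes 51821 is the `ListenPort` of `wg0` (inferred from the existing input rule `udp dport 51821 accept`); the peer address and port in the stricter variant are placeholders.

```nftables
# Added example, not from the original post.
# Load in the main namespace with: nft -f <this file>
#
# Why the main namespace matters: per the WireGuard netns page cited as [1],
# the UDP socket that carries the encrypted packets stays in the namespace
# where wg0 was created. After wg0 moves to the vpn namespace, its tunnel
# packets are still locally generated traffic of the main namespace, so they
# pass through this table's output hook and hit "policy drop".

# Assumption: 51821 is wg0's ListenPort, so outgoing tunnel packets carry
# it as their UDP source port.
add rule inet filter output udp sport 51821 counter accept

# Stricter variant (use instead of the rule above): pin the rule to the
# uplink and to one peer. 192.0.2.1 and 51820 are placeholders for the
# peer's Endpoint address and port, not values from the post.
# add rule inet filter output oifname "eno1" ip daddr 192.0.2.1 udp sport 51821 udp dport 51820 counter accept

# The input side is already covered by handle 21 (udp dport 51821 accept).
#
# nftables rulesets are per network namespace: the cleartext traffic on wg0
# inside the vpn namespace is not seen by this table at all. It is filtered
# only by a ruleset loaded there, which can be inspected with:
#   ip netns exec vpn nft list ruleset
```

After loading, `nft -a list chain inet filter output` shows the new rule's counter, which should increase once a handshake is attempted from the vpn namespace.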