r3nor / mullvad-tailscale

Use Mullvad VPN along with Tailscale and/or Zerotier
GNU General Public License v3.0

How to get netfilter tables to persist between boot? #1

Closed shervinsahba closed 2 years ago

shervinsahba commented 2 years ago

Thanks for the utility, @r3nor. This has worked very well on my end.

I don't use netfilter for any other application and rely on ufw for a firewall, so it took me a few boots to realize that the mullvad-ts table created by mtc conf is wiped on reboot. In a way, it's nice to have a blank slate on boot, but if I wanted the tables to persist, would running the following commands be all I need?

nft list ruleset > /etc/nftables.conf
systemctl enable --now nftables

Any recommendations or best practices would help. Thanks again!

r3nor commented 2 years ago

Hey, I don't really know how you would do it, but I can investigate if you still didn't find a way. Otherwise you can share how you did it :)

shervinsahba commented 2 years ago

What I wrote above gets the tables to persist, for sure. For others who are tinkering: you may not be able to write to the file directly, so create it in your home dir and move it to /etc/nftables.conf after backing up the original. On reboot, the mullvad-ts table should persist.

ufw also seems to still be working, but I should read up about how the firewalls are interacting to make sure there are no issues. I think the nftables daemon is just managing the filters for mullvad and tailscale, so it should be fine.

edgar-vincent commented 2 years ago

If you only want the Mullvad rules to persist, you shouldn't do nft list ruleset > /etc/nftables.conf. Instead, in the mullvad-tailscale directory, do something like: cat mullvad.rules | sudo tee -a /etc/nftables.conf
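
One way to do the append edgar-vincent suggests without duplicating the table when the command is run a second time (for example after pulling an updated mullvad.rules), as an added example that is not part of the mullvad-tailscale project: it assumes the file names from this thread (mullvad.rules, /etc/nftables.conf) and the table name mullvad-ts, and check_conf is a hypothetical helper that only wraps nft -c.

```shell
#!/bin/sh
# Added example, not the project's own code: merge the table from mullvad.rules
# into /etc/nftables.conf only when it is not already declared there, so a
# second run does not append a duplicate table. Paths and the table name
# "mullvad-ts" are assumptions taken from the thread.

# table_declared CONF TABLE -> status 0 if CONF already has "table <family> TABLE {"
table_declared() {
    conf="$1"; table="$2"
    [ -f "$conf" ] && grep -Eq "^[[:space:]]*table[[:space:]]+[[:alnum:]]+[[:space:]]+$table[[:space:]]*\{" "$conf"
}

# append_rules_once RULES CONF TABLE
#   0 = appended (previous CONF kept as CONF.bak.<timestamp>)
#   2 = skipped, TABLE already declared in CONF
append_rules_once() {
    rules="$1"; conf="$2"; table="$3"
    if table_declared "$conf" "$table"; then
        echo "$table already declared in $conf; nothing appended" >&2
        return 2
    fi
    # keep the previous config before touching it
    [ -f "$conf" ] && cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)"
    printf '\n# --- %s (appended from %s) ---\n' "$table" "$rules" >> "$conf"
    cat "$rules" >> "$conf"
}

# check_conf CONF -> parse-only check of the merged file (needs root, hypothetical
# helper). Run it before "systemctl enable --now nftables" so a bad merge fails
# here instead of at boot.
check_conf() {
    nft -c -f "$1"
}

# Usage on the host, as the thread describes (run as root):
#   append_rules_once ./mullvad.rules /etc/nftables.conf mullvad-ts \
#       && check_conf /etc/nftables.conf
```

If your distribution's /etc/nftables.conf starts with flush ruleset (as the constructed sample in the test does), everything loaded before the nftables service starts, including rules ufw installed through the nft backend, is cleared when that file is applied, so check the service ordering on the host.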

shervinsahba commented 2 years ago

Thanks @edgar-vincent, that's much more sensible. Since I wasn't using nft for anything besides mullvad at the time, I think it worked out okay, but I'm glad you mentioned it.