0

Typically the /etc/network/interfaces file on Debian can include routing requirements such as

post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE

If i wanted to exclusively use UFW (and not touch the interfaces file) where would I put the post-down line?

I know that the post-up line equivalent can be put inside /etc/ufw/before.rules like so:

*nat :POSTROUTING ACCEPT [0:0] -A POSTROUTING -s 10.10.10.0/24 -o vmbr0 -j MASQUERADE COMMIT

thanks,

Improve this question

1 Answer 1

Reset to default
1

Not recommended but you can edit the function stop/restart on /lib/ufw/ufw-init otherwise you can start a watching script with /etc/ufw/after.init that would fire your post-down when the interface is down... this may be helpful to write the watching script.

More info

Improve this answer
1
  • 1
    Thank you, and welcome to StackExchange. I may resort to iptables and ditch UFW! Commented Jun 20, 2020 at 8:29

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.