To automatically load your nftables masquerade rules at boot, you need to create a systemd service that will apply the /etc/nftables/nft-masquerade.nft file when the system starts.

🛠️ Step 1: Create the Systemd Service

Open a terminal and create a new service file:

sudo nano /etc/systemd/system/nft-masquerade.service

Add the following content:

[Unit]
Description=Load nftables masquerade rules
After=network.target
Wants=network.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/nft -f /etc/nftables/nft-masquerade.nft
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

🔄 Step 2: Reload Systemd & Enable the Service

Save the file (CTRL+X, then Y, then ENTER), then reload systemd to recognize the new service:

sudo systemctl daemon-reload

Enable the service so it starts automatically at boot:

sudo systemctl enable nft-masquerade.service

🚀 Step 3: Start & Verify

Manually start the service:

sudo systemctl start nft-masquerade.service

Check its status:

sudo systemctl status nft-masquerade.service

If everything is set up correctly, you should see "Active: exited successfully". 🎉

🛠️ Step 4: Testing

To verify that the rules are applied, run:

sudo nft list ruleset

This should display your nftables rules, including the masquerading setup.

✅ Done! Your nftables masquerade rules will now automatically load on boot using systemd. 🚀

⚙️How to Auto-Load nftables Masquerade Rules at Boot with systemd Service👨‍🏭

🛠️ Step 1: Create the Systemd Service

🔄 Step 2: Reload Systemd & Enable the Service

🚀 Step 3: Start & Verify

🛠️ Step 4: Testing

Subscribe to my newsletter

Ronald Bartels

Ronald Bartels