⚙️ How to Auto-Load nftables Masquerade Rules at Boot with systemd Service 👨‍🏭

To automatically load your nftables masquerade rules at boot, you need to create a systemd service that will apply the /etc/nftables/nft-masquerade.nft file when the system starts.
🛠️ Step 1: Create the Systemd Service
Open a terminal and create a new service file:
sudo nano /etc/systemd/system/nft-masquerade.service
Add the following content:
[Unit]
Description=Load nftables masquerade rules
After=network.target
Wants=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/nft -f /etc/nftables/nft-masquerade.nft
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
🔄 Step 2: Reload Systemd & Enable the Service
Save the file (CTRL+X, then Y, then ENTER), then reload systemd to recognize the new service:
sudo systemctl daemon-reload
Enable the service so it starts automatically at boot:
sudo systemctl enable nft-masquerade.service
🚀 Step 3: Start & Verify
Manually start the service:
sudo systemctl start nft-masquerade.service
Check its status:
sudo systemctl status nft-masquerade.service
If everything is set up correctly, the Active line should read "active (exited)", which is the normal state for a oneshot service with RemainAfterExit=yes. 🎉
🛠️ Step 4: Testing
To verify that the rules are applied, run:
sudo nft list ruleset
This should display your nftables rules, including the masquerading setup.
✅ Done! Your nftables masquerade rules will now automatically load on boot using systemd. 🚀
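Because the service runs nft as root against /etc/nftables/nft-masquerade.nft on every boot, it is worth checking that file before enabling the unit. The shell functions below are an added example, not part of the original post; they assume GNU stat, and the names check_rules_file, has_masquerade and preflight are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): checks to run before enabling
# nft-masquerade.service, which loads the ruleset file as root on every boot.

RULES=/etc/nftables/nft-masquerade.nft   # path used on this page

# Returns 0 if FILE is a regular file (not a symlink), owned by OWNER_UID
# (default 0, i.e. root) and not writable by group or others.
check_rules_file() {
    file=$1; owner=${2:-0}
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file" >&2
        return 1
    fi
    if [ "$(stat -c '%u' "$file")" != "$owner" ]; then
        echo "FAIL: $file is not owned by uid $owner" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$file")            # GNU stat, e.g. 644
    if [ $(( 0$mode & 022 )) -ne 0 ]; then  # group-write or other-write bit set
        echo "FAIL: $file has mode $mode, writable by group or others" >&2
        return 1
    fi
}

# Returns 0 if the ruleset text on stdin contains a masquerade statement
# outside comments. Works on the file or on `nft list ruleset` output.
has_masquerade() {
    sed 's/#.*//' | grep -Eq '(^|[[:space:]])masquerade([[:space:];}]|$)'
}

# Full pre-flight: file checks, masquerade present, then a dry-run parse.
# `nft -c` validates the file without changing the live ruleset (needs root).
preflight() {
    check_rules_file "$RULES" || return 1
    has_masquerade < "$RULES" || { echo "FAIL: no masquerade rule" >&2; return 1; }
    nft -c -f "$RULES" || { echo "FAIL: nft rejected $RULES" >&2; return 1; }
    echo "OK: $RULES passed all checks"
}

# Usage (as root, before `systemctl enable`): source this file, then: preflight
```

After a reboot, `nft list ruleset | has_masquerade` repeats the Step 4 check without reading the output by eye.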




