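# Router ruleset: filters forwarded traffic and source-NATs two internal
# IPv4 ranges behind the address of enp1s0.
# "flush ruleset" removes every table currently loaded in the kernel, including
# tables installed by other tools, before this file is applied.
flush ruleset

table inet filter {
    # No policy is declared, so this base chain defaults to accept: traffic
    # addressed to the router itself is not filtered by this file.
    # NOTE(review): confirm that is intended; a restrictive input policy needs
    # explicit accepts for loopback, established flows and management access.
    chain input {
        type filter hook input priority 0;
    }

    # Default-deny for routed traffic; only the flows listed below pass.
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies and related packets for flows admitted by a rule below.
        ct state established,related accept

        # 172.16.0.0/26 may leave through enp1s0.
        # NOTE(review): the match is on source address only, with no iifname,
        # so it relies on reverse-path filtering (or an added iifname match)
        # to reject these source addresses arriving on another interface.
        ip saddr 172.16.0.0/26 oifname "enp1s0" accept

        # 172.16.1.0/24 may reach only TCP port 3128 on hosts in 172.16.0.0/26.
        ip saddr 172.16.1.0/24 ip daddr 172.16.0.0/26 tcp dport 3128 accept
    }

    # No policy declared: locally generated traffic is accepted by default.
    chain output {
        type filter hook output priority 0;
    }
}

table ip nat {
    # Empty destination-NAT chain. Attached to prerouting (the original hooked
    # "input" although the chain is named "pre"); -100 is the conventional
    # dstnat priority.
    chain pre {
        type nat hook prerouting priority -100;
    }

    # Source NAT. This chain must hook postrouting: masquerade is only accepted
    # in a postrouting nat chain, and forwarded packets never traverse the
    # output hook the original used. 100 is the conventional srcnat priority.
    chain post {
        type nat hook postrouting priority 100;

        ip saddr 172.16.0.0/26 oifname "enp1s0" masquerade

        # NOTE(review): the forward chain accepts no new flow from
        # 172.16.1.0/24 towards enp1s0, so this rule looks unreachable for
        # routed traffic as the ruleset stands. Confirm whether that range is
        # meant to have direct outbound access or only the port-3128 path.
        ip saddr 172.16.1.0/24 oifname "enp1s0" masquerade
    }
}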