1 2 3 4 5 6 7 8 9 10 11 12 | # INTERNAL enp1s0 # EXTERNAL enp5s0 *nat -A POSTROUTING -o "enp5s0" -j MASQUERADE COMMIT *filter :INPUT ACCEPT [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] -A FORWARD -i "enp5s0" -o "enp1s0" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -A FORWARD -i "enp1s0" -o "enp5s0" -j ACCEPT COMMIT |