From 350f50bdf7c6e4256d7636f3637dcd8caf756e03 Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Thu, 7 Nov 2019 17:52:50 +0100
Subject: [PATCH] ++ example for nft

---
 .../contents.lr | 42 ++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/content/u/blog/nftables-magic-redirect-all-ports-to-one-port/contents.lr b/content/u/blog/nftables-magic-redirect-all-ports-to-one-port/contents.lr
index 810f5ff..b77d5eb 100644
--- a/content/u/blog/nftables-magic-redirect-all-ports-to-one-port/contents.lr
+++ b/content/u/blog/nftables-magic-redirect-all-ports-to-one-port/contents.lr
@@ -76,7 +76,47 @@ table ip nat {
 ```
 
-## Other programs!
+## More sophisticated
+
+```
+[17:51:31] vpn-2a0ae5c1:~# cat /etc/nftables.conf
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table ip nat {
+ chain prerouting {
+ type nat hook prerouting priority -101;
+
+ # SSH works
+ #tcp dport != 22 redirect to 22
+
+ # wireguard doesn't
+ #udp dport != 51820 redirect to 51820
+ #
+ tcp dport != 22 jump port_redirect
+ udp dport != 51820 jump port_redirect
+ }
+
+ chain port_redirect {
+ counter comment "redirecting"
+ log prefix "port redir: "
+
+ # SSH works
+ tcp dport != 22 redirect to 22
+
+ # wireguard doesn't
+ udp dport != 51820 redirect to 51820
+
+ }
+
+ chain postrouting {
+ type nat hook postrouting priority -101;
+ counter comment "other side nat"
+ log prefix "port post-redir: "
+ }
+}
+```
 
 ## List of sites