++ example for nft

2019-11-07 17:52:50 +01:00 · 2019-11-07 17:52:50 +01:00 · 350f50bdf7
commit 350f50bdf7
parent 65259f4c76
1 changed files with 41 additions and 1 deletions
--- a/content/u/blog/nftables-magic-redirect-all-ports-to-one-port/contents.lr
+++ b/content/u/blog/nftables-magic-redirect-all-ports-to-one-port/contents.lr
@ -76,7 +76,47 @@ table ip nat {
 ```


-## Other programs!
+## More sophisticated
+
+```
+[17:51:31] vpn-2a0ae5c1:~# cat /etc/nftables.conf
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table ip nat {
+	chain prerouting {
+		type nat hook prerouting priority -101;
+
+		# SSH works
+		#tcp dport != 22 redirect to 22
+
+		# wireguard doesn't
+		#udp dport != 51820 redirect to 51820
+		#
+		tcp dport != 22 jump port_redirect
+		udp dport != 51820 jump port_redirect
+	}
+
+	chain port_redirect {
+		counter comment "redirecting"
+		log prefix "port redir: "
+
+		# SSH works
+		tcp dport != 22 redirect to 22
+
+		# wireguard doesn't
+		udp dport != 51820 redirect to 51820
+
+	}
+
+	chain postrouting {
+		type nat hook postrouting priority -101;
+		counter comment "other side nat"
+		log prefix "port post-redir: "
+	}
+}
+```


 ## List of sites