++ example for nft

content/u/blog/nftables-magic-redirect-all-ports-to-one-port/contents.lr

@@ -76,7 +76,47 @@ table ip nat {
 ```
 
 
-## Other programs!
+## More sophisticated
+
+```
+[17:51:31] vpn-2a0ae5c1:~# cat /etc/nftables.conf
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table ip nat {
+	chain prerouting {
+		type nat hook prerouting priority -101;
+
+		# SSH works
+		#tcp dport != 22 redirect to 22
+
+		# wireguard doesn't
+		#udp dport != 51820 redirect to 51820
+		#
+		tcp dport != 22 jump port_redirect
+		udp dport != 51820 jump port_redirect
+	}
+
+	chain port_redirect {
+		counter comment "redirecting"
+		log prefix "port redir: "
+
+		# SSH works
+		tcp dport != 22 redirect to 22
+
+		# wireguard doesn't
+		udp dport != 51820 redirect to 51820
+
+	}
+
+	chain postrouting {
+		type nat hook postrouting priority -101;
+		counter comment "other side nat"
+		log prefix "port post-redir: "
+	}
+}
+```
 
 
 ## List of sites