++ example for nft

This commit is contained in:
Nico Schottelius 2019-11-07 17:52:50 +01:00
parent 65259f4c76
commit 350f50bdf7

View file

@ -76,7 +76,47 @@ table ip nat {
```
## Other programs!
## More sophisticated
```
[17:51:31] vpn-2a0ae5c1:~# cat /etc/nftables.conf
#!/usr/sbin/nft -f
flush ruleset
table ip nat {
chain prerouting {
type nat hook prerouting priority -101;
# SSH works
#tcp dport != 22 redirect to 22
# wireguard doesn't
#udp dport != 51820 redirect to 51820
#
tcp dport != 22 jump port_redirect
udp dport != 51820 jump port_redirect
}
chain port_redirect {
counter comment "redirecting"
log prefix "port redir: "
# SSH works
tcp dport != 22 redirect to 22
# wireguard doesn't
udp dport != 51820 redirect to 51820
}
chain postrouting {
type nat hook postrouting priority -101;
counter comment "other side nat"
log prefix "port post-redir: "
}
}
```
## List of sites