update nftables
parent
6d55fb5efe
commit
60e2ecca40
3 changed files with 7 additions and 3 deletions
BIN
.DS_Store
vendored
Normal file
BIN
.DS_Store
vendored
Normal file
Binary file not shown.
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
.vscode/
|
|
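Review bot: The new ignore list covers only `.vscode/`, while this same commit adds a binary `.DS_Store` to the repository. Adding a `.DS_Store` line to `.gitignore` and removing the file from the tree would keep it from coming back. Finder metadata can record names of files in the directory, which is better kept out of a repository that holds a firewall configuration.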
@ -1,5 +1,4 @@
|
||||||
#!/usr/sbin/nft -f
|
#!/usr/sbin/nft -f
|
||||||
# /etc/nftables.conf
|
|
||||||
|
|
||||||
flush ruleset
|
flush ruleset
|
||||||
|
|
||||||
|
@ -8,11 +7,15 @@ define LAN = eth1
|
||||||
define WAN = eth0
|
define WAN = eth0
|
||||||
define LAN_SUBNET = 10.100.2.0/24
|
define LAN_SUBNET = 10.100.2.0/24
|
||||||
define WAN_IP = 45.139.163.92
|
define WAN_IP = 45.139.163.92
|
||||||
|
define FRONT_HTTP = 10.100.2.254
|
||||||
|
define RICK_VM = 10.100.2.252
|
||||||
|
|
||||||
table inet nat {
|
table inet nat {
|
||||||
chain prerouting {
|
chain prerouting {
|
||||||
type nat hook prerouting priority 0;
|
type nat hook prerouting priority 0;
|
||||||
|
iifname $WAN tcp dport {80, 443, 2222, 2223} dnat ip to $FRONT_HTTP;
|
||||||
|
iifname $WAN udp dport {443} dnat ip to $FRONT_HTTP;
|
||||||
|
iifname $WAN tcp dport {62142,62169,62420} dnat ip to $RICK_VM;
|
||||||
}
|
}
|
||||||
|
|
||||||
chain postrouting {
|
chain postrouting {
|
||||||
|
@ -40,4 +43,4 @@ table inet filter {
|
||||||
chain output {
|
chain output {
|
||||||
type filter hook output priority 0;
|
type filter hook output priority 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
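Review bot: The three new `dnat` rules in `chain prerouting` match only on `iifname $WAN` and the destination port, so every packet arriving on the WAN interface for those ports is rewritten whatever address it was sent to; `WAN_IP` is defined a few lines above but no visible rule uses it. Pinning the match, e.g. `iifname $WAN ip daddr $WAN_IP tcp dport {80, 443, 2222, 2223} dnat ip to $FRONT_HTTP;` (and likewise for the UDP 443 and `$RICK_VM` rules), keeps the redirect to the intended public address. The non-web ports (2222, 2223, 62142, 62169, 62420) would also benefit from a one-line comment each naming the service behind them, for example `# 2222/2223: <service> on FRONT_HTTP`, so that later audits can tell which exposures are still needed. The `forward` chain of `table inet filter` is outside the visible hunks, so whether these forwarded ports are accepted there with any source restriction or rate limit cannot be checked from here.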