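#!/usr/sbin/nft -f
#
# IPv4 NAT gateway ruleset: port-forwards selected WAN ports to two LAN hosts,
# masquerades everything leaving via WAN, and filters forwarded traffic.
# Only `table ip` is defined here, so IPv6 traffic is not touched by this file.
# NOTE(review): if IPv6 forwarding is enabled on this host it needs its own rules - confirm.

flush ruleset

# Interfaces and addresses
define LAN = eth1
define WAN = eth0
define LAN_SUBNET = 10.100.2.0/24
# WAN_IP is not referenced by any rule below; kept for existing tooling/readers.
define WAN_IP = 45.139.163.92
define FRONT_HTTP = 10.100.2.254
define RICK_VM = 10.100.2.252

table ip nat {
    chain prerouting {
        type nat hook prerouting priority 0;

        # Port forwards: match on the WAN interface only, so LAN clients are not redirected.
        iifname $WAN tcp dport { 80, 443, 2222, 2223 } dnat ip to $FRONT_HTTP
        iifname $WAN udp dport { 443 } dnat ip to $FRONT_HTTP
        iifname $WAN tcp dport { 62142, 62169, 62420 } dnat ip to $RICK_VM
    }

    chain postrouting {
        type nat hook postrouting priority 100;

        # Source-NAT everything that leaves through the WAN interface.
        oifname $WAN masquerade
    }

    chain output {
        type nat hook output priority -100;
    }
}

table ip filter {
    chain input {
        # The policy is written out: a base chain without one defaults to accept.
        # NOTE(review): with no rules and an accept policy, every service listening
        # on this host is reachable from WAN. Move to `policy drop` with explicit
        # allows (loopback, established/related, management access) once the
        # required management ports are confirmed; not changed here to avoid
        # cutting off remote administration.
        type filter hook input priority 0; policy accept;
    }

    chain forward {
        # Default-deny. The original chain had no policy, so it defaulted to accept:
        # the LAN->WAN rule was a no-op and any routed packet (including WAN traffic
        # addressed directly to LAN hosts, bypassing the port forwards) was passed.
        type filter hook forward priority 0; policy drop;

        # Replies for flows that were already allowed below.
        ct state established,related accept
        ct state invalid drop

        # Forward LAN traffic to WAN; the saddr match rejects sources outside the LAN subnet.
        iifname $LAN ip saddr $LAN_SUBNET oifname $WAN accept

        # Inbound connections are allowed only if a prerouting dnat rule rewrote them.
        iifname $WAN ct status dnat accept

        # NOTE(review): traffic routed between any other interfaces (VPN, bridges,
        # containers) is now dropped and needs an explicit rule here if required.
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}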