#!/usr/sbin/nft -f

# NAT gateway ruleset: publishes HTTP, HTTPS and SSH of one internal host on
# the public address and masquerades outbound traffic from the internal subnet.
#
# NOTE(review): "flush ruleset" removes every table currently loaded, not only
# the two defined here. Rules installed by other software on this machine are
# dropped when this file is loaded.
flush ruleset

# The public address is redacted on the page ("xx.xx"); substitute the real
# address before loading, the placeholder will not parse.
define public_addr = 136.243.xx.xx/32
define lan_net = 10.10.0.0/24
define backend = 10.10.0.90
define published_ports = { http, https, ssh }

table ip nat {
	# Inbound: rewrite the destination of published ports to the backend.
	# NOTE(review): SSH is part of the published set, so port 22 on the public
	# address reaches the backend's sshd, not this host's, and the backend's
	# SSH is exposed to the internet. Confirm the backend uses key-only
	# authentication and consider limiting the allowed source addresses.
	# NOTE(review): there is no input-interface match, so packets arriving from
	# the LAN side for the public address are rewritten as well.
	chain prerouting {
		type nat hook prerouting priority 0; policy accept;
		tcp dport $published_ports ip daddr $public_addr dnat $backend
	}

	# Outbound: source-NAT traffic from the internal subnet leaving via enp2s0.
	# LAN-to-LAN traffic is excluded by the daddr test.
	chain postrouting {
		type nat hook postrouting priority 100; policy accept;
		ip saddr $lan_net ip daddr != $lan_net oifname "enp2s0" masquerade
	}

	# Locally generated traffic to the public address gets the same rewrite,
	# so the host itself reaches the backend through the published ports.
	chain output {
		type nat hook output priority 0; policy accept;
		tcp dport $published_ports ip daddr $public_addr dnat $backend
	}
}

# NOTE(review): all three filter chains are empty and use the default accept
# policy (written out below for visibility). As loaded, this file performs NAT
# only and filters nothing: every service listening on the host is reachable,
# and the forward path is not limited to the published ports or the backend.
# A hardened version would accept established/related and loopback traffic,
# allow only the flows this gateway needs, and set "policy drop" on input and
# forward. Test such a change from a console session, not over SSH.
table inet filter {
	chain input {
		type filter hook input priority 0; policy accept;
	}

	chain forward {
		type filter hook forward priority 0; policy accept;
	}

	chain output {
		type filter hook output priority 0; policy accept;
	}
}