nftables :: Pastes

Text

No description

Guest

#!/usr/sbin/nft -f

flush ruleset;

table ip nat {

chain prerouting {

type nat hook prerouting priority 0;

tcp dport { http, https, ssh } ip daddr 136.243.xx.xx/32 dnat 10.10.0.90

}

chain postrouting {

type nat hook postrouting priority 100;

ip saddr 10.10.0.0/24 ip daddr != 10.10.0.0/24 oifname "enp2s0" masquerade

}

chain output {

type nat hook output priority 0;

tcp dport { http, https, ssh } ip daddr 136.243.xx.xx/32 dnat 10.10.0.90

}

table inet filter {

chain input {

type filter hook input priority 0;

}

chain forward {

type filter hook forward priority 0;

}

chain output {

type filter hook output priority 0;

}