2024-06-04 03:20:21 +03:00
|
|
|
#!/usr/sbin/nft -f
|
|
|
|
|
2024-06-06 07:44:26 +03:00
|
|
|
define n_tele4 = 198.18.0.0/15
|
|
|
|
define n_tele6 = 2001:db8:11::/80
|
2024-06-04 03:20:21 +03:00
|
|
|
|
|
|
|
table inet uni {
|
|
|
|
|
|
|
|
map tele4 { type ipv4_addr : ipv4_addr ; flags dynamic,timeout ; timeout 1m ; }
|
|
|
|
map tele6 { type ipv6_addr : ipv6_addr ; flags dynamic,timeout ; timeout 1m ; }
|
|
|
|
|
|
|
|
chain gtfo {
|
|
|
|
reject with icmpx type host-unreachable
|
|
|
|
drop
|
|
|
|
}
|
|
|
|
|
|
|
|
chain dnat_tele4 {
|
|
|
|
meta nfproto ipv4 meta l4proto tcp dnat ip to ip daddr map @tele4
|
|
|
|
meta nfproto ipv4 meta l4proto udp dnat ip to ip daddr map @tele4
|
|
|
|
goto gtfo
|
|
|
|
}
|
|
|
|
|
|
|
|
chain dnat_tele6 {
|
|
|
|
meta nfproto ipv6 meta l4proto tcp dnat ip6 to ip6 daddr map @tele6
|
|
|
|
meta nfproto ipv6 meta l4proto udp dnat ip6 to ip6 daddr map @tele6
|
|
|
|
goto gtfo
|
|
|
|
}
|
|
|
|
|
|
|
|
chain dnat_map4 {
|
|
|
|
ip daddr vmap {
|
|
|
|
$n_tele4 : goto dnat_tele4,
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
chain dnat_map6 {
|
|
|
|
ip6 daddr vmap {
|
|
|
|
$n_tele6 : goto dnat_tele6,
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
chain nat_prerouting {
|
|
|
|
type nat hook prerouting priority dstnat;
|
|
|
|
|
|
|
|
meta nfproto vmap {
|
|
|
|
ipv4 : jump dnat_map4,
|
|
|
|
ipv6 : jump dnat_map6,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
chain nat_output {
|
|
|
|
type nat hook output priority dstnat;
|
|
|
|
|
|
|
|
meta nfproto vmap {
|
|
|
|
ipv4 : jump dnat_map4,
|
|
|
|
ipv6 : jump dnat_map6,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
chain nat_postrouting {
|
|
|
|
type nat hook postrouting priority srcnat;
|
|
|
|
|
|
|
|
meta oiftype != loopback masquerade
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|