powerdns-remote-http-example/example-conf/nftables.conf


#!/usr/sbin/nft -f
# Destination ranges this ruleset intercepts. Both sit in reserved space
# (198.18.0.0/15: RFC 2544 benchmarking; 2001:db8::/32: RFC 3849 documentation),
# so they should not collide with real routed destinations.
# NOTE(review): "tele" is not explained in this file; presumably these are the
# synthetic addresses the DNS backend hands out - confirm against the backend.
define n_tele4 = 198.18.0.0/15
define n_tele6 = 2001:db8:11::/80
# Dual-stack NAT table: traffic addressed to the n_tele4 / n_tele6 ranges is
# destination-NATed to whatever the tele4 / tele6 maps currently hold for that
# address; traffic to an unmapped address in those ranges is rejected.
#
# As shown, the table contains only nat-type base chains. Filtering of the
# input/forward path has to come from another table.
# The file does not delete or flush the table first, so loading it again into a
# kernel that already has "inet uni" appends the same rules a second time.
table inet uni {
    # original destination -> real destination. Nothing in this file adds
    # elements; they have to be inserted at runtime by an external process
    # (presumably the PowerDNS remote-HTTP backend example - confirm).
    # Entries expire after 1 minute unless re-added.
    # NOTE(review): whoever can write to these maps decides where redirected
    # traffic lands, so the process that populates them should validate the
    # targets it inserts and be the only one with rights to modify the table.
    map tele4 { type ipv4_addr : ipv4_addr ; flags dynamic,timeout ; timeout 1m ; }
    map tele6 { type ipv6_addr : ipv6_addr ; flags dynamic,timeout ; timeout 1m ; }

    # Common sink for traffic that hit a tele range but has no usable mapping.
    chain gtfo {
        reject with icmpx type host-unreachable
        # reject already ends evaluation for the packet; this drop only acts as
        # a belt-and-braces fallback.
        drop
    }

    # IPv4: rewrite the destination of TCP and UDP packets to the value the
    # tele4 map holds for the original destination. When the map has no entry
    # the dnat rule does not apply and evaluation falls through to gtfo; other
    # L4 protocols (e.g. ICMP) to the range also end up in gtfo.
    # nat chains are consulted for the first packet of a connection only, so a
    # map entry timing out does not tear down flows that are already
    # established through it.
    chain dnat_tele4 {
        meta nfproto ipv4 meta l4proto tcp dnat ip to ip daddr map @tele4
        meta nfproto ipv4 meta l4proto udp dnat ip to ip daddr map @tele4
        goto gtfo
    }

    # IPv6 counterpart of dnat_tele4, backed by the tele6 map.
    chain dnat_tele6 {
        meta nfproto ipv6 meta l4proto tcp dnat ip6 to ip6 daddr map @tele6
        meta nfproto ipv6 meta l4proto udp dnat ip6 to ip6 daddr map @tele6
        goto gtfo
    }

    # Dispatch on IPv4 destination: only addresses inside n_tele4 are handed to
    # the DNAT chain; everything else returns to the caller untouched.
    chain dnat_map4 {
        ip daddr vmap {
            $n_tele4 : goto dnat_tele4,
        }
        return
    }

    # Dispatch on IPv6 destination: only addresses inside n_tele6 are handed to
    # the DNAT chain; everything else returns to the caller untouched.
    chain dnat_map6 {
        ip6 daddr vmap {
            $n_tele6 : goto dnat_tele6,
        }
        return
    }

    # Incoming / forwarded traffic: pick the per-family dispatch chain.
    chain nat_prerouting {
        type nat hook prerouting priority dstnat;
        meta nfproto vmap {
            ipv4 : jump dnat_map4,
            ipv6 : jump dnat_map6,
        }
    }

    # Locally generated traffic gets the same treatment as forwarded traffic,
    # so processes on this host are redirected (or rejected) as well.
    chain nat_output {
        type nat hook output priority dstnat;
        meta nfproto vmap {
            ipv4 : jump dnat_map4,
            ipv6 : jump dnat_map6,
        }
    }

    # Source-NAT everything that leaves through a non-loopback interface.
    # NOTE(review): the match is not limited to connections that were DNATed
    # above; any traffic this host forwards is masqueraded too. If only the
    # redirected flows are meant, a narrower match such as "ct status dnat"
    # would express that - confirm intent.
    # Consequence for logging: the real destination sees this host's address
    # as the source, so client attribution has to be recorded on this host.
    chain nat_postrouting {
        type nat hook postrouting priority srcnat;
        meta oiftype != loopback masquerade
    }
}