source-git / nftables

Clone
Source Code
GIT

Files

  1.   1227cde042e6591910a945b5d8b21a1576a371f7
  2.   tests
  3.   py
  4.   inet
  5.   dnat.t.json
Blob Blame History Raw 
# iifname "foo" tcp dport 80 redirect to :8080
[
    {
        "match": {
            "left": {
                "meta": {
                    "key": "iifname"
                }
            },
            "op": "==",
            "right": "foo"
        }
    },
    {
        "match": {
            "left": {
                "payload": {
                    "field": "dport",
                    "protocol": "tcp"
                }
            },
            "op": "==",
            "right": 80
        }
    },
    {
        "redirect": {
            "port": 8080
        }
    }
]

# iifname "eth0" tcp dport 443 dnat ip to 192.168.3.2
[
    {
        "match": {
            "left": {
                "meta": {
                    "key": "iifname"
                }
            },
            "op": "==",
            "right": "eth0"
        }
    },
    {
        "match": {
            "left": {
                "payload": {
                    "field": "dport",
                    "protocol": "tcp"
                }
            },
            "op": "==",
            "right": 443
        }
    },
    {
        "dnat": {
            "addr": "192.168.3.2",
            "family": "ip"
        }
    }
]

# iifname "eth0" tcp dport 443 dnat ip6 to [dead::beef]:4443
[
    {
        "match": {
            "left": {
                "meta": {
                    "key": "iifname"
                }
            },
            "op": "==",
            "right": "eth0"
        }
    },
    {
        "match": {
            "left": {
                "payload": {
                    "field": "dport",
                    "protocol": "tcp"
                }
            },
            "op": "==",
            "right": 443
        }
    },
    {
        "dnat": {
            "addr": "dead::beef",
            "family": "ip6",
            "port": 4443
        }
    }
]

# dnat ip to ct mark map { 0x00000014 : 1.2.3.4}
[
    {
        "dnat": {
            "addr": {
                "map": {
                    "data": {
                        "set": [
                            [
                                20,
                                "1.2.3.4"
                            ]
                        ]
                    },
                    "key": {
                        "ct": {
                            "key": "mark"
                        }
                    }
                }
            },
            "family": "ip"
        }
    }
]

# dnat ip to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4}
[
    {
        "dnat": {
            "addr": {
                "map": {
                    "data": {
                        "set": [
                            [
                                {
                                    "concat": [
                                        20,
                                        "1.1.1.1"
                                    ]
                                },
                                "1.2.3.4"
                            ]
                        ]
                    },
                    "key": {
                        "concat": [
                            {
                                "ct": {
                                    "key": "mark"
                                }
                            },
                            {
                                "payload": {
                                    "field": "daddr",
                                    "protocol": "ip"
                                }
                            }
                        ]
                    }
                }
            },
            "family": "ip"
        }
    }
]

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation