# iifname "foo" tcp dport 80 redirect to :8080
[
{
"match": {
"left": {
"meta": {
"key": "iifname"
}
},
"op": "==",
"right": "foo"
}
},
{
"match": {
"left": {
"payload": {
"field": "dport",
"protocol": "tcp"
}
},
"op": "==",
"right": 80
}
},
{
"redirect": {
"port": 8080
}
}
]
# iifname "eth0" tcp dport 443 dnat ip to 192.168.3.2
[
{
"match": {
"left": {
"meta": {
"key": "iifname"
}
},
"op": "==",
"right": "eth0"
}
},
{
"match": {
"left": {
"payload": {
"field": "dport",
"protocol": "tcp"
}
},
"op": "==",
"right": 443
}
},
{
"dnat": {
"addr": "192.168.3.2",
"family": "ip"
}
}
]
# iifname "eth0" tcp dport 443 dnat ip6 to [dead::beef]:4443
[
{
"match": {
"left": {
"meta": {
"key": "iifname"
}
},
"op": "==",
"right": "eth0"
}
},
{
"match": {
"left": {
"payload": {
"field": "dport",
"protocol": "tcp"
}
},
"op": "==",
"right": 443
}
},
{
"dnat": {
"addr": "dead::beef",
"family": "ip6",
"port": 4443
}
}
]
# dnat ip to ct mark map { 0x00000014 : 1.2.3.4}
[
{
"dnat": {
"addr": {
"map": {
"data": {
"set": [
[
20,
"1.2.3.4"
]
]
},
"key": {
"ct": {
"key": "mark"
}
}
}
},
"family": "ip"
}
}
]
# dnat ip to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4}
[
{
"dnat": {
"addr": {
"map": {
"data": {
"set": [
[
{
"concat": [
20,
"1.1.1.1"
]
},
"1.2.3.4"
]
]
},
"key": {
"concat": [
{
"ct": {
"key": "mark"
}
},
{
"payload": {
"field": "daddr",
"protocol": "ip"
}
}
]
}
}
},
"family": "ip"
}
}
]