source-git / nftables

Clone
Source Code
GIT

Files

  1.   a8b2ce6d3b8e5eadd6e694bf53e30779c44c90b7
  2.   tests
  3.   py
  4.   ip
  5.   dnat.t.json
Blob Blame History Raw 
# iifname "eth0" tcp dport 80-90 dnat to 192.168.3.2
[
    {
        "match": {
            "left": {
                "meta": { "key": "iifname" }
            },
	    "op": "==",
            "right": "eth0"
        }
    },
    {
        "match": {
            "left": {
                "payload": {
                    "field": "dport",
                    "protocol": "tcp"
                }
            },
	    "op": "==",
            "right": {
                "range": [ 80, 90 ]
            }
        }
    },
    {
        "dnat": {
            "addr": "192.168.3.2"
        }
    }
]

# iifname "eth0" tcp dport != 80-90 dnat to 192.168.3.2
[
    {
        "match": {
            "left": {
                "meta": { "key": "iifname" }
            },
	    "op": "==",
            "right": "eth0"
        }
    },
    {
        "match": {
            "left": {
                "payload": {
                    "field": "dport",
                    "protocol": "tcp"
                }
            },
            "op": "!=",
            "right": {
                "range": [ 80, 90 ]
            }
        }
    },
    {
        "dnat": {
            "addr": "192.168.3.2"
        }
    }
]

# iifname "eth0" tcp dport {80, 90, 23} dnat to 192.168.3.2
[
    {
        "match": {
            "left": {
                "meta": { "key": "iifname" }
            },
	    "op": "==",
            "right": "eth0"
        }
    },
    {
        "match": {
            "left": {
                "payload": {
                    "field": "dport",
                    "protocol": "tcp"
                }
            },
	    "op": "==",
            "right": {
                "set": [
                    23,
                    80,
                    90
                ]
            }
        }
    },
    {
        "dnat": {
            "addr": "192.168.3.2"
        }
    }
]

# iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2
[
    {
        "match": {
            "left": {
                "meta": { "key": "iifname" }
            },
	    "op": "==",
            "right": "eth0"
        }
    },
    {
        "match": {
            "left": {
                "payload": {
                    "field": "dport",
                    "protocol": "tcp"
                }
            },
            "op": "!=",
            "right": {
                "set": [
                    23,
                    80,
                    90
                ]
            }
        }
    },
    {
        "dnat": {
            "addr": "192.168.3.2"
        }
    }
]

# iifname "eth0" tcp dport != 23-34 dnat to 192.168.3.2
[
    {
        "match": {
            "left": {
                "meta": { "key": "iifname" }
            },
	    "op": "==",
            "right": "eth0"
        }
    },
    {
        "match": {
            "left": {
                "payload": {
                    "field": "dport",
                    "protocol": "tcp"
                }
            },
            "op": "!=",
            "right": {
                "range": [ 23, 34 ]
            }
        }
    },
    {
        "dnat": {
            "addr": "192.168.3.2"
        }
    }
]

# iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080
[
    {
        "match": {
            "left": {
                "meta": { "key": "iifname" }
            },
	    "op": "==",
            "right": "eth0"
        }
    },
    {
        "match": {
            "left": {
                "payload": {
                    "field": "dport",
                    "protocol": "tcp"
                }
            },
	    "op": "==",
            "right": 81
        }
    },
    {
        "dnat": {
            "addr": "192.168.3.2",
            "port": 8080
        }
    }
]

# dnat to ct mark map { 0x00000014 : 1.2.3.4}
[
    {
        "dnat": {
            "addr": {
                "map": {
                    "key": {
                        "ct": {
                            "key": "mark"
                        }
                    },
                    "data": {
                        "set": [
                            [
                                "0x00000014",
                                "1.2.3.4"
                            ]
                        ]
                    }
                }
            }
        }
    }
]

# dnat to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4}
[
    {
        "dnat": {
            "addr": {
                "map": {
                    "key": {
                        "concat": [
                            {
                                "ct": {
                                    "key": "mark"
                                }
                            },
                            {
                                "payload": {
                                    "field": "daddr",
                                    "protocol": "ip"
                                }
                            }
                        ]
                    },
                    "data": {
                        "set": [
                            [
                                {
                                    "concat": [
                                        "0x00000014",
                                        "1.1.1.1"
                                    ]
                                },
                                "1.2.3.4"
                            ]
                        ]
                    }
                }
            }
        }
    }
]

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation