Rewrite netfilter rules #350

Open
Prajwal-Koirala opened this issue Aug 24, 2022 · 4 comments

@Prajwal-Koirala
Member

Prajwal-Koirala commented Aug 24, 2022

Rewrite netfilter rules.

I really need help with this.

Prajwal-Koirala pinned this issue Aug 24, 2022
@Prajwal-Koirala
Member Author

add table inet filter
add chain inet filter INPUT { type filter hook input priority 0; policy accept; }
add chain inet filter FORWARD { type filter hook forward priority 0; policy accept; }
add chain inet filter OUTPUT { type filter hook output priority 0; policy accept; }
add rule inet filter INPUT ip saddr 10.0.0.0/8 udp dport 53 ct state new counter accept
add rule inet filter FORWARD iifname "wg0" counter accept
add table inet nat
add chain inet nat PREROUTING { type nat hook prerouting priority -100; policy accept; }
add chain inet nat INPUT { type nat hook input priority 100; policy accept; }
add chain inet nat OUTPUT { type nat hook output priority -100; policy accept; }
add chain inet nat POSTROUTING { type nat hook postrouting priority 100; policy accept; }
add rule inet nat POSTROUTING oifname "eth0" counter masquerade

@Prajwal-Koirala
Member Author

table inet filter {
        chain input {
                type filter hook input priority filter; policy accept;
        }

        chain forward {
                type filter hook forward priority filter; policy accept;
        }

        chain output {
                type filter hook output priority filter; policy accept;
        }

        chain INPUT {
                type filter hook input priority filter; policy accept;
                ip saddr 10.0.0.0/8 udp dport 53 ct state new counter packets 34 bytes 2292 accept
        }

        chain FORWARD {
                type filter hook forward priority filter; policy accept;
                iifname "wg0" counter packets 1358 bytes 149278 accept
        }

        chain OUTPUT {
                type filter hook output priority filter; policy accept;
        }
}
table inet nat {
        chain PREROUTING {
                type nat hook prerouting priority dstnat; policy accept;
        }

        chain INPUT {
                type nat hook input priority 100; policy accept;
        }

        chain OUTPUT {
                type nat hook output priority -100; policy accept;
        }

        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                oifname "eth0" counter packets 126 bytes 12925 masquerade
        }
}

@Prajwal-Koirala
Member Author

table inet wireguard {
        chain INPUT {
                type filter hook input priority filter; policy accept;
                ip saddr 10.0.0.0/8 udp dport 53 ct state new accept
        }

        chain FORWARD {
                type filter hook forward priority filter; policy accept;
                iifname "wg0" accept
        }

        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                oifname "eth0" masquerade
        }
}

@Prajwal-Koirala
Member Author

table inet wireguard {
        chain INPUT {
                type filter hook input priority filter; policy accept;
                iifname "wg0" accept
        }
        chain FORWARD {
                type filter hook forward priority filter; policy accept;
                iifname "wg0" accept
        }
        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                oifname "eth0" masquerade
        }
}
