# IPv4 ruleset for the "nftlb" table: dispatches one published service
# (tcp 192.168.105.189:80) to the farm "newfarm", tracks per-client
# persistence via ct mark, and DNATs/SNATs the load-balanced flows.
table ip nftlb {
# Verdict map keyed on protocol . destination address . destination port
# used by the filter chain; the only entry jumps to filter-newfarm.
map filter-proto-services {
type inet_proto . ipv4_addr . inet_service : verdict
elements = { tcp . 192.168.105.189 . 80 : goto filter-newfarm }
}
# Client address -> mark for pinned ("static") sessions. No elements are
# declared here; presumably populated at runtime by nftlb — verify.
map static-sessions-newfarm {
type ipv4_addr : mark
}
# Client address -> mark learnt from traffic (source-IP persistence).
# Bounded to 65535 entries; entries expire after 2m (refreshed by the
# `update` rule in filter-newfarm, as far as this ruleset shows).
map persist-newfarm {
type ipv4_addr : mark
size 65535
timeout 2m
}
# Same key as filter-proto-services, but dispatches the nat prerouting
# hook to nat-newfarm.
map nat-proto-services {
type inet_proto . ipv4_addr . inet_service : verdict
elements = { tcp . 192.168.105.189 . 80 : goto nat-newfarm }
}
# Backend mark -> source address for reverse SNAT. No elements are
# visible in this snapshot, so the `snat to ct mark map` rule in
# postrouting only matches once this map is populated elsewhere.
map services-back-m {
type mark : ipv4_addr
}
# Filter-side entry point: mangle-priority prerouting hook.
chain filter {
type filter hook prerouting priority mangle; policy accept;
# Packets without a packet mark inherit the connection's mark.
meta mark 0x00000000 meta mark set ct mark
# Dispatch by proto . daddr . dport; unmatched traffic falls through
# to the accept policy.
ip protocol . ip daddr . th dport vmap @filter-proto-services
}
# Per-farm scheduling and persistence for "newfarm".
chain filter-newfarm {
# Pinned client: take the mark from the static map and stop here.
# (A rule with a map lookup only matches when the key is present.)
ct mark set ip saddr map @static-sessions-newfarm accept
# New connection from a client seen recently: reuse its persisted mark.
ct state new ct mark set ip saddr map @persist-newfarm
# New connection with no mark yet: choose a backend. `numgen inc mod 1`
# can only yield 0, so every flow maps to mark 0x00000001 — a single
# backend in this configuration.
ct state new ct mark 0x00000000 ct mark set numgen inc mod 1 map { 0 : 0x00000001 }
# Record / refresh the client -> mark persistence entry.
ct mark != 0x00000000 update @persist-newfarm { ip saddr : ct mark }
}
# NAT-side entry point: dstnat-priority prerouting hook.
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
# New connections without a packet mark inherit the connection mark.
ct state new meta mark 0x00000000 meta mark set ct mark
ip protocol . ip daddr . th dport vmap @nat-proto-services
}
# Source NAT for replies / outgoing load-balanced flows.
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
# Connections still unmarked take the packet mark.
ct mark 0x00000000 ct mark set meta mark
# Marks matching the 1-bit prefix 0x80000000/1 (top bit set) are
# masqueraded instead of looked up in services-back-m — confirm this
# is the intended flag convention for nftlb.
ct mark 0x80000000/1 masquerade
# Otherwise SNAT to the source address recorded for this backend mark.
snat to ct mark map @services-back-m
}
# DNAT for "newfarm": backend mark -> address . port. Only mark
# 0x00000001 (192.168.0.151:8080) is defined, consistent with the
# single-backend scheduler above.
chain nat-newfarm {
ip protocol tcp dnat ip to ct mark map { 0x00000001 : 192.168.0.151 . 8080 }
}
}