
@Cactus64k
Last active May 26, 2020 22:05
#!/usr/sbin/nft -f
# Ruleset loaded with `nft -f`. The tables below redirect incoming TCP and UDP
# to local ports 9040 and 9053 and restrict what this host accepts and sends.

# Removes every existing table, chain and rule (all address families) before
# the definitions below are loaded.
flush ruleset
# Address ranges that the filter chains accept as source (input) or
# destination (output).
define local = {192.168.16.0/24, 127.0.0.0/8 }
# NOTE(review): out_if is not referenced by any rule visible in this file.
define out_if = enp0s3
# IPv4 NAT table (a table declared without a family is an `ip` table).
table ip nat {
	# Evaluated for packets arriving from the network. Traffic generated on
	# this host does not pass the prerouting hook, so it is not redirected here.
	chain prerouting {
		type nat hook prerouting priority 0;

		# Every TCP connection, whatever its destination address or port, is
		# redirected to local port 9040 (presumably Tor's TransPort; confirm
		# against torrc).
		ip protocol tcp redirect to :9040

		# Every UDP datagram is redirected to local port 9053 (presumably Tor's
		# DNSPort; confirm against torrc). The match is on protocol only, so
		# it is not limited to DNS queries on port 53.
		ip protocol udp redirect to :9053
	}

	# Registered on the postrouting hook but holds no rules.
	chain postrouting {
		type nat hook postrouting priority 100;
	}
}
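# IPv4 filter table. A table declared without a family is an `ip` table, so
# none of these chains evaluates IPv6 packets; IPv6 needs its own table (or
# must be disabled on the host) if it is not to bypass this policy.
table ip filter {
	# Traffic addressed to this host, including connections the nat table
	# redirected to local ports.
	chain input {
		type filter hook input priority 0;

		# Replies belonging to connections that are already tracked.
		ct state {established, related} counter accept
		iif == lo accept

		# Matches on the source address only, not on the receiving interface.
		ip saddr $local accept

		# Everything else is counted, logged and rejected.
		counter log level err prefix "INPUT REJECTED: " reject
	}

	# Without a chain on the forward hook, packets that the nat table does not
	# redirect (ICMP and other non-TCP/UDP protocols) would be routed without
	# passing any rule whenever IPv4 forwarding is enabled on this host.
	# Redirected traffic is delivered locally and never reaches this hook, so
	# all forwarding is rejected, in the same way as the other chains' final rule.
	chain forward {
		type filter hook forward priority 0;
		counter log level err prefix "FORWARD REJECTED: " reject
	}

	# Traffic generated on this host.
	chain output {
		type filter hook output priority 0;
		ct state {established, related} counter accept
		oif == lo accept

		# Only sockets owned by the debian-tor user may open new connections
		# to destinations outside $local.
		skuid == debian-tor accept
		ip daddr $local accept

		# Any other local process trying to reach the network is counted,
		# logged and rejected.
		counter log level err prefix "OUTPUT REJECTED: " reject
	}
}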