Created
March 17, 2023 01:54
-
-
Save esemeniuc/fd5a7bdd17aabfcfdff85b3436b77cba to your computer and use it in GitHub Desktop.
Duplicate packets
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/sbin/nft -f | |
| # see https://unix.stackexchange.com/questions/740061/how-do-you-duplicate-all-udp-traffic-on-a-port-range-using-nftables/ | |
| # sends all duplicated packets to 10.0.0.1 | |
| # run this before applying this file | |
| # sudo ip addr add 10.0.0.1/24 dev lo | |
| # clean up with | |
| # sudo ip addr delete 10.0.0.1/24 dev lo | |
| # nft flush ruleset | |
| flush ruleset | |
| table ip mangle { | |
| chain prerouting { | |
| type filter hook prerouting priority mangle; policy accept; | |
| iifname != lo udp dport 8000-8100 dup to 10.0.0.1 device lo notrack | |
| } | |
| chain input { | |
| type filter hook input priority mangle; policy accept; | |
| iifname lo udp dport 8000-8100 ip daddr set 10.0.0.1 notrack | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment