Home Explore Help
Register Sign In
Apq
/
MoeClub-Note
mirror of https://github.com/MoeClub/Note.git
1
0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
MoeClub-Note
/
redirectNFT.sh

redirectNFT.sh 971 B
Permalink History Raw

12345678910111213141516171819 
  1. #!/bin/bash
    2. 

  2. ## systemctl enable nftables
    3. 

  3. ## nft -a list ruleset
    4. 

  4. 

  5. RemoteAddr="${1:-}"
    6. 

  6. LocalPort="${2:-443}"
    7. 

  7. 

  8. [ "$(cat /proc/sys/net/ipv4/ip_forward)" != "1" ] && echo "1" >/proc/sys/net/ipv4/ip_forward
    9. 

  9. 

  10. nft list table ip nat >/dev/null 2>&1 || nft add table ip nat
    11. 

  11. nft list chain ip nat prerouting >/dev/null 2>&1 || nft add chain ip nat prerouting { type nat hook prerouting priority dstnat \; policy accept \; }
    12. 

  12. nft list chain ip nat postrouting >/dev/null 2>&1 || nft add chain ip nat postrouting { type nat hook postrouting priority srcnat \; policy accept \; }
    13. 

  13. 

  14. 

  15. nft insert rule ip nat prerouting tcp dport "${LocalPort}"  dnat to "${RemoteAddr}"
    16. 

  16. nft insert rule ip nat postrouting ip daddr "${RemoteAddr%:*}" tcp dport "${RemoteAddr#*:}" masquerade
    17. 

  17. nft insert rule inet filter forward ip daddr "${RemoteAddr%:*}" tcp dport "${RemoteAddr#*:}" ip dscp set 46
    18. 

  18. nft insert rule inet filter forward ip saddr "${RemoteAddr%:*}" tcp sport "${RemoteAddr#*:}" ip dscp set 46
    19. 

  19.