| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 |
- #!/usr/bin/utpl -S
- set acl_neteasemusic_http {
- type ether_addr;
- flags interval;
- auto-merge;
- {% if (acl_http_addr): %}
- elements = { {{ join(', ', split(trim(acl_http_addr), '\n')) }} }
- {% endif %}
- }
- set acl_neteasemusic_https {
- type ether_addr;
- flags interval;
- auto-merge;
- {% if (acl_https_addr): %}
- elements = { {{ join(', ', split(trim(acl_https_addr), '\n')) }} }
- {% endif %}
- }
- set neteasemusic {
- type ipv4_addr;
- flags interval;
- auto-merge;
- {% if (neteasemusic_addr): %}
- elements = { {{ join(', ', split(trim(neteasemusic_addr), '\n')) }} }
- {% endif %}
- }
- set neteasemusic6 {
- type ipv6_addr;
- flags interval;
- auto-merge;
- {% if (neteasemusic_addr6): %}
- elements = { {{ join(', ', split(trim(neteasemusic_addr6), '\n')) }} }
- {% endif %}
- }
- chain netease_cloud_music {
- type nat hook prerouting priority -1; policy accept;
- meta l4proto tcp ip daddr @neteasemusic counter jump netease_cloud_music_redir;
- meta l4proto tcp ip6 daddr @neteasemusic6 counter jump netease_cloud_music_redir;
- }
- chain netease_cloud_music_redir {
- ip daddr { 0.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8,
- 169.254.0.0/16, 172.16.0.0/12, 192.0.0.0/24,
- 192.0.2.0/24, 192.31.196.0/24, 192.52.193.0/24,
- 192.88.99.0/24, 192.168.0.0/16, 192.175.48.0/24,
- 198.18.0.0/15, 198.51.100.0/24, 203.0.113.0/24,
- 224.0.0.0/4, 240.0.0.0/4 } counter return;
- ip6 daddr { ::/128, ::1/128, ::ffff:0:0/96, 100::/64, 64:ff9b::/96,
- 2001::/32, 2001:10::/28, 2001:20::/28, 2001:db8::/28, 2002::/16,
- fc00::/7, fe80::/10, ff00::/8 } counter return;
- ether saddr @acl_neteasemusic_http tcp dport 80 counter return;
- ether saddr @acl_neteasemusic_https tcp dport 443 counter return;
- tcp dport 80 counter redirect to :{{ http_port }};
- tcp dport 443 counter redirect to :{{ https_port }};
- }
|
