ForkMaster/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-11-11 17:29:16 +05:00
Code Issues Actions Packages Projects Releases Wiki Activity

nftables cheat sheet

Browse Source
This commit is contained in:
bol-van 2022-05-13 14:35:27 +03:00
parent 5226f7b320
commit 144ceb66f4
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
docs/nftables.txt Normal file
View File

@ -0,0 +1,26 @@
nftables test cheat sheet
simplified rule to test nfqws and tpws
For DNAT :
# run tpws as user "tpws". its required to avoid loops.
nft delete table inet ztest
nft create table inet ztest
nft add chain inet ztest pre "{type nat hook prerouting priority dstnat;}"
nft add rule inet ztest pre tcp dport "{80,443}" redirect to :988
nft add chain inet ztest out "{type nat hook output priority -100;}"
nft add rule inet ztest out tcp dport "{80,443}" skuid != tpws redirect to :988
For dpi desync attack :
nft delete table inet ztest
nft create table inet ztest
nft add chain inet ztest post "{type filter hook postrouting priority mangle;}"
nft add rule inet ztest post tcp dport "{80,443}" queue num 200 bypass
show rules : nft list table inet ztest
delete table : nft delete table inet ztest