2024-09-27 22:23:15 -06:00
|
|
|
#!/bin/bash
|
|
|
|
|
NFT='/usr/bin/nft'
|
|
|
|
|
HANDLE=($($NFT -a -n list ruleset | grep "ct state 0x8 tcp dport" | grep -E '80|443' | grep handle | cut -d '#' -f2 | cut -d ' ' -f3))
|
|
|
|
|
for i in "${HANDLE[@]}"; do
|
|
|
|
|
$NFT delete rule ip6 filter input handle $i &>/dev/null
|
|
|
|
|
$NFT delete rule ip filter input handle $i &>/dev/null
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
echo "Setting Rate Limit to : $1"
|
|
|
|
|
echo
|
|
|
|
|
$NFT add rule ip6 filter input ct state new tcp dport 443 update @http_ratelimit { ip6 saddr limit rate $1/second } accept
|
|
|
|
|
|
|
|
|
|
$NFT add rule ip6 filter input ct state new tcp dport 80 update @http_ratelimit { ip6 saddr limit rate $1/second } accept
|
|
|
|
|
|
|
|
|
|
$NFT add rule ip filter input ct state new tcp dport 443 update @http_ratelimit { ip saddr limit rate $1/second } accept
|
|
|
|
|
|
|
|
|
|
$NFT add rule ip filter input ct state new tcp dport 80 update @http_ratelimit { ip saddr limit rate $1/second } accept
|
2024-09-27 23:34:08 -06:00
|
|
|
|
2024-09-27 23:41:07 -06:00
|
|
|
$NFT add rule ip nat prerouting tcp dport 80 ip saddr 192.168.0.0/24 dnat to 192.168.0.55
|
|
|
|
|
$NFT add rule ip nat prerouting tcp dport 443 ip saddr 192.168.0.0/24 dnat to 192.168.0.55
|
|
|
|
|
$NFT add rule ip nat postrouting ip daddr 192.168.0.55 masquerade
|
