verita84/firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Forwarding

Browse Source
This commit is contained in:
Your Name 2024-09-27 22:23:15 -06:00
parent a038cbb232
commit 8a0217d311
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
modules/module-rate-limit-web-port-forward.sh Normal file
View File

@ -0,0 +1,19 @@
#!/bin/bash
NFT='/usr/bin/nft'
HANDLE=($($NFT -a -n list ruleset | grep "ct state 0x8 tcp dport" | grep -E '80|443' | grep handle | cut -d '#' -f2 | cut -d ' ' -f3))
for i in "${HANDLE[@]}"; do
$NFT delete rule ip6 filter input handle $i &>/dev/null
$NFT delete rule ip filter input handle $i &>/dev/null
done
echo "Setting Rate Limit to : $1"
echo
$NFT add rule ip nat prerouting tcp dport 443 dnat to 192.168.0.55
$NFT add rule ip nat prerouting tcp dport 80 dnat to 192.168.0.55
$NFT add rule ip6 filter input ct state new tcp dport 443 update @http_ratelimit { ip6 saddr limit rate $1/second } accept
$NFT add rule ip6 filter input ct state new tcp dport 80 update @http_ratelimit { ip6 saddr limit rate $1/second } accept
$NFT add rule ip filter input ct state new tcp dport 443 update @http_ratelimit { ip saddr limit rate $1/second } accept
$NFT add rule ip filter input ct state new tcp dport 80 update @http_ratelimit { ip saddr limit rate $1/second } accept