ifixo

2024-09-27 23:41:07 -06:00 · 2024-09-27 23:41:07 -06:00 · 9ee3593c05
commit 9ee3593c05
parent 848bf9774d
2 changed files with 6 additions and 6 deletions
--- a/ipv4-filter.nft
+++ b/ipv4-filter.nft
@ -1,5 +1,6 @@
 table filter {
-	chain input		{ type filter hook input priority 0;policy accept;}
+	set http_ratelimit { type ipv4_addr; timeout 1s; flags dynamic; } 
 	chain input		{ type filter hook input priority 0;policy drop;}
 	chain forward		{ type filter hook forward priority 0;
 				iifname wg0 accept;
 				iifname home accept;
@ -9,7 +10,7 @@ table filter {
 	chain output		{ type filter hook output priority 0;  }
 }
-table inet t_nat {
+table nat {
 	chain prerouting {  type nat hook prerouting priority -100; policy accept;}
 	chain postrouting {  type nat hook postrouting priority 100;
 	iifname wg0 oifname eno1 masquerade;
@ -18,4 +19,3 @@ table inet t_nat {
 	iifname eno1 oifname home masquerade;
 	}
 }
--- a/modules/module-rate-limit-web-port-forward.sh
+++ b/modules/module-rate-limit-web-port-forward.sh
@ -16,6 +16,6 @@ $NFT add rule ip filter input ct state new tcp dport 443 update @http_ratelimit
 $NFT add rule ip filter input ct state new tcp dport 80 update @http_ratelimit { ip saddr limit rate $1/second } accept
-$NFT add rule ip forward prerouting tcp dport 80 dnat to 192.168.0.55
+$NFT add rule ip nat prerouting tcp dport 80 ip saddr 192.168.0.0/24 dnat to 192.168.0.55
-$NFT add rule ip forward prerouting tcp dport 443 dnat to 192.168.0.55
+$NFT add rule ip nat prerouting tcp dport 443 ip saddr 192.168.0.0/24 dnat to 192.168.0.55
-$NFT add rule ip forward postrouting ip daddr 192.168.0.55 masquerade
+$NFT add rule ip nat postrouting ip daddr 192.168.0.55 masquerade