firewall/modules/module-rate-limit-web-port-forward.sh
Your Name 848bf9774d ifix
2024-09-27 23:34:08 -06:00

22 lines
1.0 KiB
Bash

#!/bin/bash
NFT='/usr/bin/nft'
HANDLE=($($NFT -a -n list ruleset | grep "ct state 0x8 tcp dport" | grep -E '80|443' | grep handle | cut -d '#' -f2 | cut -d ' ' -f3))
for i in "${HANDLE[@]}"; do
$NFT delete rule ip6 filter input handle $i &>/dev/null
$NFT delete rule ip filter input handle $i &>/dev/null
done
echo "Setting Rate Limit to : $1"
echo
$NFT add rule ip6 filter input ct state new tcp dport 443 update @http_ratelimit { ip6 saddr limit rate $1/second } accept
$NFT add rule ip6 filter input ct state new tcp dport 80 update @http_ratelimit { ip6 saddr limit rate $1/second } accept
$NFT add rule ip filter input ct state new tcp dport 443 update @http_ratelimit { ip saddr limit rate $1/second } accept
$NFT add rule ip filter input ct state new tcp dport 80 update @http_ratelimit { ip saddr limit rate $1/second } accept
$NFT add rule ip forward prerouting tcp dport 80 dnat to 192.168.0.55
$NFT add rule ip forward prerouting tcp dport 443 dnat to 192.168.0.55
$NFT add rule ip forward postrouting ip daddr 192.168.0.55 masquerade