blob: 89c3bd145b4d7102efaa6a05c09738f80f2652a2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
table ip ipfoo {
map t1 {
typeof numgen inc mod 2 : ip daddr
}
map t2 {
typeof numgen inc mod 2 : ip daddr . tcp dport
}
map x {
type ipv4_addr : ipv4_addr
}
map y {
type ipv4_addr : ipv4_addr . inet_service
elements = { 192.168.7.2 : 10.1.1.1 . 4242 }
}
map z {
type ipv4_addr . inet_service : ipv4_addr . inet_service
elements = { 192.168.7.2 . 42 : 10.1.1.1 . 4242 }
}
chain c {
type nat hook prerouting priority dstnat; policy accept;
iifname != "foobar" accept
dnat to ip daddr map @x
ip saddr 10.1.1.1 dnat to 10.2.3.4
ip saddr 10.1.1.2 tcp dport 42 dnat to 10.2.3.4:4242
meta l4proto tcp dnat ip addr . port to ip saddr map @y
dnat ip addr . port to ip saddr . tcp dport map @z
dnat to numgen inc mod 2 map @t1
meta l4proto tcp dnat ip addr . port to numgen inc mod 2 map @t2
}
}
table ip6 ip6foo {
map t1 {
typeof numgen inc mod 2 : ip6 daddr
}
map t2 {
typeof numgen inc mod 2 : ip6 daddr . tcp dport
}
map x {
type ipv6_addr : ipv6_addr
}
map y {
type ipv6_addr : ipv6_addr . inet_service
}
map z {
type ipv6_addr . inet_service : ipv6_addr . inet_service
}
chain c {
type nat hook prerouting priority dstnat; policy accept;
iifname != "foobar" accept
dnat to ip6 daddr map @x
ip6 saddr dead::1 dnat to feed::1
ip6 saddr dead::2 tcp dport 42 dnat to [c0::1a]:4242
meta l4proto tcp dnat ip6 addr . port to ip6 saddr map @y
dnat ip6 addr . port to ip6 saddr . tcp dport map @z
dnat to numgen inc mod 2 map @t1
meta l4proto tcp dnat ip6 addr . port to numgen inc mod 2 map @t2
}
}
table inet inetfoo {
map t1v4 {
typeof numgen inc mod 2 : ip daddr
}
map t2v4 {
typeof numgen inc mod 2 : ip daddr . tcp dport
}
map t1v6 {
typeof numgen inc mod 2 : ip6 daddr
}
map t2v6 {
typeof numgen inc mod 2 : ip6 daddr . tcp dport
}
map x4 {
type ipv4_addr : ipv4_addr
}
map y4 {
type ipv4_addr : ipv4_addr . inet_service
}
map z4 {
type ipv4_addr . inet_service : ipv4_addr . inet_service
elements = { 192.168.7.2 . 42 : 10.1.1.1 . 4242 }
}
map x6 {
type ipv6_addr : ipv6_addr
}
map y6 {
type ipv6_addr : ipv6_addr . inet_service
}
map z6 {
type ipv6_addr . inet_service : ipv6_addr . inet_service
}
chain c {
type nat hook prerouting priority dstnat; policy accept;
iifname != "foobar" accept
dnat ip to ip daddr map @x4
ip saddr 10.1.1.1 dnat ip to 10.2.3.4
ip saddr 10.1.1.2 tcp dport 42 dnat ip to 10.2.3.4:4242
meta l4proto tcp meta nfproto ipv4 dnat ip addr . port to ip saddr map @y4
meta nfproto ipv4 dnat ip addr . port to ip saddr . tcp dport map @z4
dnat ip to numgen inc mod 2 map @t1v4
meta l4proto tcp dnat ip addr . port to numgen inc mod 2 map @t2v4
dnat ip6 to ip6 daddr map @x6
ip6 saddr dead::1 dnat ip6 to feed::1
ip6 saddr dead::2 tcp dport 42 dnat ip6 to [c0::1a]:4242
meta l4proto tcp meta nfproto ipv6 dnat ip6 addr . port to ip6 saddr map @y6
meta nfproto ipv6 dnat ip6 addr . port to ip6 saddr . tcp dport map @z6
dnat ip6 to numgen inc mod 2 map @t1v6
meta l4proto tcp dnat ip6 addr . port to numgen inc mod 2 map @t2v6
}
}
|