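#!/bin/bash
#
# Loads five NAT rulesets through nft with -o (optimize) and -f - (read the
# ruleset from stdin). Every chain starts with "oif lo accept" followed by
# runs of NAT rules that differ only in their match values and targets.
#
# Globals:  NFT (read) - nft command under test, supplied by the caller.
# Returns:  non-zero as soon as one nft invocation fails (set -e).
#
# NOTE(review): nothing here uses -c/--check, so each ruleset is added to the
# ruleset of whatever network namespace the script runs in. No chain declares
# a hook, so they are regular chains as written, but the tables are still
# created; run this only in a disposable namespace. The script does not set
# one up itself; presumably the harness does (confirm).

set -e

# Fail with a clear message instead of trying to execute "-o" as a command.
: "${NFT:?NFT must be set to the nft command under test}"

# dnat selected by source address only.
RULESET="table ip test1 {
	chain y {
		oif lo accept
		ip saddr 4.4.4.4 dnat to 1.1.1.1
		ip saddr 5.5.5.5 dnat to 2.2.2.2
	}
}"

# The here-string is quoted so the newlines that separate the rules always
# reach nft; bash releases before 4.4 word-split an unquoted here-string and
# rejoined it with spaces. $NFT stays unquoted because the caller may pass a
# command plus arguments (assumption, confirm against the harness).
# shellcheck disable=SC2086
$NFT -o -f - <<< "$RULESET"

# dnat to address:port selected by destination port, then two masquerade
# rules that differ only in the source prefix.
RULESET="table ip test2 {
	chain y {
		oif lo accept
		tcp dport 80 dnat to 1.1.1.1:8001
		tcp dport 81 dnat to 2.2.2.2:9001
		ip saddr 10.141.11.0/24 masquerade
		ip saddr 10.141.13.0/24 masquerade
	}
}"

# shellcheck disable=SC2086
$NFT -o -f - <<< "$RULESET"

# snat selected by source address plus source port range, one snat that
# already uses a map, and two bare redirects.
RULESET="table ip test3 {
	chain y {
		oif lo accept
		ip saddr 1.1.1.1 tcp sport 1024-65535 snat to 3.3.3.3
		ip saddr 2.2.2.2 tcp sport 1024-65535 snat to 4.4.4.4
		oifname enp2s0 snat ip to ip saddr map { 10.1.1.0/24 : 72.2.3.66-72.2.3.78 }
		tcp dport 8888 redirect
		tcp dport 9999 redirect
	}
}"

# shellcheck disable=SC2086
$NFT -o -f - <<< "$RULESET"

# dnat selected by destination address plus port, redirects with an explicit
# target port, and one redirect without a target port.
RULESET="table ip test4 {
	chain y {
		oif lo accept
		ip daddr 1.1.1.1 tcp dport 80 dnat to 4.4.4.4:8000
		ip daddr 2.2.2.2 tcp dport 81 dnat to 3.3.3.3:9000
		tcp dport 83 redirect to :8083
		tcp dport 84 redirect to :8084
		tcp dport 85 redirect
	}
}"

# shellcheck disable=SC2086
$NFT -o -f - <<< "$RULESET"

# inet family: dnat in prerouting keyed on input interface, destination
# address and port; snat in postrouting keyed on destination address.
RULESET="table inet nat {
	chain prerouting {
		oif lo accept
		iifname enp2s0 ip daddr 72.2.3.66 tcp dport 53122 dnat to 10.1.1.10:22
		iifname enp2s0 ip daddr 72.2.3.66 tcp dport 443 dnat to 10.1.1.52:443
		iifname enp2s0 ip daddr 72.2.3.70 tcp dport 80 dnat to 10.1.1.52:80
	}
	chain postrouting {
		oif lo accept
		ip daddr 72.2.3.66 snat to 10.2.2.2
		ip daddr 72.2.3.67 snat to 10.2.3.3
	}
}"

# shellcheck disable=SC2086
$NFT -o -f - <<< "$RULESET"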