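#!/bin/bash
# Load a ruleset into nft from stdin with the -o (optimize) option.
#
# The ruleset defines table "inet x" with five small NAT helper chains and one
# dispatcher chain, nat_dns_acme. None of the chains declares a hook, so they
# are regular chains: they only see traffic if a base chain elsewhere jumps to
# them.
#
# Each rule in nat_dns_acme matches on two things before its goto:
#   - a UDP length range, and
#   - 128 bits of raw transport-header payload at bit offset 160 (@th,160,128).
# Bit offset 160 is byte 20 from the start of the UDP header, i.e. just past
# the 8-byte UDP header and a 12-byte DNS header. Every constant starts with
# 0x0e followed by 14 ASCII digits, which looks like a length-prefixed
# 14-character first DNS label -- NOTE(review): inferred from the byte layout,
# confirm against whatever produced these values.
# Packets matching none of the five patterns hit the final "drop".
#
# Abort on the first failing command so an nft error becomes the exit status.
set -e
# Inside double quotes bash removes each backslash-newline pair, so every
# "udp length ... goto ..." pair below reaches nft as a single line.
RULESET="table inet x {
chain nat_dns_dnstc { meta l4proto udp redirect to :5300 ; drop ; }
chain nat_dns_this_5301 { meta l4proto udp redirect to :5301 ; drop ; }
chain nat_dns_saturn_5301 { meta nfproto ipv4 meta l4proto udp dnat to 240.0.1.2:5301 ; drop ; }
chain nat_dns_saturn_5302 { meta nfproto ipv4 meta l4proto udp dnat to 240.0.1.2:5302 ; drop ; }
chain nat_dns_saturn_5303 { meta nfproto ipv4 meta l4proto udp dnat to 240.0.1.2:5303 ; drop ; }
chain nat_dns_acme {
udp length 47-63 @th,160,128 0x0e373135363130333131303735353203 \
goto nat_dns_dnstc
udp length 62-78 @th,160,128 0x0e31393032383939353831343037320e \
goto nat_dns_this_5301
udp length 62-78 @th,160,128 0x0e31363436323733373931323934300e \
goto nat_dns_saturn_5301
udp length 62-78 @th,160,128 0x0e32393535373539353636383732310e \
goto nat_dns_saturn_5302
udp length 62-78 @th,160,128 0x0e38353439353637323038363633390e \
goto nat_dns_saturn_5303
drop
}
}"
# Quote the here-string: bash releases before 4.4 word-split an unquoted
# expansion here and rejoined it with single spaces, which would strip the
# newlines that separate the statements above. $NFT is not set in this file
# and is left unquoted as in the original -- presumably the caller may supply
# a command plus arguments; confirm before quoting it.
$NFT -o -f - <<< "$RULESET"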