Nft-5: Unterschied zwischen den Versionen
(Die Seite wurde neu angelegt: „<pre> table ip filter { chain INPUT { type filter hook input priority filter; policy drop; ct state established,related counter packets 244 bytes 16520 ac…“) |
Version vom 13. September 2022, 18:06 Uhr
# IPv4 filter table. All three base chains use "policy drop", accept traffic
# statefully, and end in a log rule for whatever is about to hit the policy.
# The "counter packets N bytes M" figures are the values captured in this
# listing, not configuration.
# NOTE(review): the family is "ip", so nothing here matches IPv6 -- confirm
# IPv6 is filtered or disabled elsewhere.
table ip filter {

    # Traffic addressed to the firewall host itself.
    chain INPUT {
        type filter hook input priority filter; policy drop;

        # Packets belonging to, or related to, an already tracked connection.
        ct state established,related counter packets 244 bytes 16520 accept

        # New connections arriving on the loopback interface.
        iifname "lo" ct state new counter packets 0 bytes 0 accept

        # New SSH connections to the firewall. There is no interface or source
        # match, so this applies on every interface.
        # NOTE(review): consider restricting this to a management interface or
        # source range -- which one cannot be told from this listing.
        tcp dport 22 ct state new counter packets 0 bytes 0 accept

        # Ping (echo-request) to the firewall.
        icmp type echo-request ct state new counter packets 2 bytes 192 accept

        # No verdict here: the packet is counted and logged, then the chain
        # policy drops it.
        # NOTE(review): the log statement is not rate limited, so a flood of
        # dropped packets becomes a flood of log lines; a "limit rate"
        # statement placed before "log" would bound that.
        counter packets 20 bytes 1332 log prefix "--iptables-drop-in--"
    }

    # Traffic originated by the firewall host.
    chain OUTPUT {
        type filter hook output priority filter; policy drop;

        ct state established,related counter packets 155 bytes 15764 accept

        # Every new outbound connection is allowed, whatever the destination
        # or port.
        ct state new counter packets 3 bytes 228 accept

        # Reached only by packets in none of the states accepted above
        # (for example those conntrack marks invalid). Unthrottled log as well.
        counter packets 0 bytes 0 log prefix "--iptables-drop-out--"
    }

    # Routed traffic between the two interfaces. Going by the chain name
    # "lan-to-wan" and its rule, ens19 is the LAN side and eth0 the WAN side.
    chain FORWARD {
        type filter hook forward priority filter; policy drop;

        ct state established,related counter packets 0 bytes 0 accept

        # Outbound services: each rule only selects the protocol/port; the
        # direction, source network and "new" state are checked in lan-to-wan.
        # Ping:
        icmp type echo-request counter packets 0 bytes 0 jump lan-to-wan
        # DNS over TCP and UDP:
        tcp dport 53 counter packets 0 bytes 0 jump lan-to-wan
        udp dport 53 counter packets 0 bytes 0 jump lan-to-wan

        # Inbound port forwards to 10.82.243.11. The prerouting DNAT rules of
        # "table ip nat" run before this hook, so the destination address and
        # port seen here are the translated ones (80 and 22).
        # NOTE(review): unlike the other accepts these two carry no "ct state"
        # match, so they also accept packets conntrack classifies as invalid;
        # adding "ct state new" would align them with the rest of the ruleset.
        iifname "eth0" oifname "ens19" ip daddr 10.82.243.11 tcp dport 80 counter packets 0 bytes 0 accept
        iifname "eth0" oifname "ens19" ip daddr 10.82.243.11 tcp dport 22 counter packets 0 bytes 0 accept

        # Remaining outbound TCP services (mail and web ports), again handed
        # to lan-to-wan for the actual decision.
        tcp dport { 25, 80, 143, 443, 465, 993 } counter packets 0 bytes 0 jump lan-to-wan

        # Everything that came back from lan-to-wan without a verdict, or
        # matched nothing above, is counted, logged (unthrottled) and dropped
        # by the policy.
        counter packets 0 bytes 0 log prefix "--iptables-drop-for--"
    }

    # Regular chain (no hook), entered only through the jumps in FORWARD.
    # Accepts new connections that come in on ens19, leave via eth0 and have a
    # source in 10.82.243.0/24. Anything else falls off the end and returns to
    # the rule after the jump in FORWARD.
    chain lan-to-wan {
        iifname "ens19" oifname "eth0" ip saddr 10.82.243.0/24 ct state new counter packets 0 bytes 0 accept
    }
}
# IPv4 NAT table: source NAT for the 10.82.243.0/24 network leaving eth0 and
# two destination NAT port forwards to 10.82.243.11. NAT chains only translate
# addresses; whether the translated packet may pass is decided by the filter
# table's FORWARD chain.
table ip nat {

    chain POSTROUTING {
        type nat hook postrouting priority srcnat; policy accept;

        # Packets from 10.82.243.0/24 that leave through eth0 get the fixed
        # source address 10.82.227.12.
        oifname "eth0" ip saddr 10.82.243.0/24 counter packets 0 bytes 0 snat to 10.82.227.12
    }

    chain PREROUTING {
        type nat hook prerouting priority dstnat; policy accept;

        # Port forwards. Both rules match on the destination address only,
        # with no "iifname", so they translate traffic arriving on any
        # interface.
        # 10.82.227.12:80 -> 10.82.243.11, destination port left unchanged.
        ip daddr 10.82.227.12 tcp dport 80 counter packets 0 bytes 0 dnat to 10.82.243.11
        # 10.82.227.12:9922 -> 10.82.243.11:22.
        # NOTE(review): the non-standard outside port is not an access
        # control; the matching FORWARD rule accepts any source arriving on
        # eth0. Restrict by source address if only known peers should reach
        # this SSH service.
        ip daddr 10.82.227.12 tcp dport 9922 counter packets 0 bytes 0 dnat to 10.82.243.11:22
    }

    # Empty base chains: they contain no rules, so no translation happens at
    # the nat input and output hooks.
    chain INPUT {
        type nat hook input priority 100; policy accept;
    }

    chain OUTPUT {
        type nat hook output priority -100; policy accept;
    }
}