NFTables fixes and scripts
This commit fixes the list detection and uses the inet chain for ipv4. The scripts got reworked as well and a display script was added.
parent
ee84a3949d
commit
f67f6ae5f0
|
@ -132,7 +132,7 @@ add_redirect_rule2(const char * ifname,
|
|||
d_printf(("add redirect rule2(%s, %s, %u, %s, %u, %d, %s)!\n",
|
||||
ifname, rhost, eport, iaddr, iport, proto, desc));
|
||||
|
||||
r = rule_set_dnat(NFPROTO_IPV4, ifname, proto,
|
||||
r = rule_set_dnat(NFPROTO_INET, ifname, proto,
|
||||
0, eport,
|
||||
inet_addr(iaddr), iport, desc, NULL);
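Review bot: The `rule_set_dnat(NFPROTO_INET, ...)` call now builds the redirect in the inet family, but the scripts changed in this same commit still list and flush `ip nat MINIUPNPD`, so a mapping added here may not be seen or removed by them. If rule_set_dnat selects the table from the family argument (not visible in this hunk), port forwards could survive a flush and stay open after the daemon stops. The target is still the IPv4 value from `inet_addr(iaddr)`, whose result is not checked against `INADDR_NONE`; a comment such as `/* inet family, IPv4-only DNAT target: the nat chain must exist in the family the init script creates */` would record the constraint. The body of add_redirect_rule2 starts and ends outside the hunk.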
|
||||
|
||||
|
|
|
@ -604,15 +604,15 @@ table_cb(const struct nlmsghdr *nlh, void *data)
|
|||
|
||||
if (r->type == RULE_NONE) {
|
||||
free(r);
|
||||
} else if (strcmp(r->chain, miniupnpd_nat_postrouting_chain) == 0) {
|
||||
} else if (r->type == RULE_NAT && r->nat_type == NFT_NAT_SNAT) {
|
||||
r->index = index_peer;
|
||||
LIST_INSERT_HEAD(&head_peer, r, entry);
|
||||
index_peer++;
|
||||
} else if (strcmp(r->chain, miniupnpd_nat_chain) == 0) {
|
||||
} else if (r->type == RULE_NAT && r->nat_type == NFT_NAT_DNAT) {
|
||||
r->index = index_redirect;
|
||||
LIST_INSERT_HEAD(&head_redirect, r, entry);
|
||||
index_redirect++;
|
||||
} else {
|
||||
} else if (r->type == RULE_FILTER) {
|
||||
r->index = index_filter;
|
||||
LIST_INSERT_HEAD(&head_filter, r, entry);
|
||||
index_filter++;
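Review bot: Once the last branch becomes `else if (r->type == RULE_FILTER)`, a rule that is neither RULE_NONE, SNAT, DNAT nor RULE_FILTER is not put on any list and is not freed, so it appears to leak on every dump; ending the chain with `} else { free(r); }` would restore a catch-all owner. The branches also no longer compare `r->chain` with the miniupnpd chain names, so unless the dump is already limited to those chains (not visible here), NAT or filter rules from other chains could be indexed as miniupnpd mappings and later be removed by index. table_cb continues outside the hunk, so a trailing `else` may already exist there.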
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /sbin/nft -f
|
||||
#!/bin/sh
|
||||
|
||||
delete chain nat MINIUPNPD
|
||||
delete chain nat MINIUPNPD-POSTROUTING
|
||||
delete chain filter MINIUPNPD
|
||||
nft delete chain nat MINIUPNPD
|
||||
nft delete chain nat MINIUPNPD-POSTROUTING
|
||||
nft delete chain filter MINIUPNPD
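Review bot: `nft delete chain filter MINIUPNPD` omits the family, which nft treats as `ip`, while the init script in this commit creates the chain with `add chain inet filter MINIUPNPD`; the filter chain and its accept rules would therefore stay in place after teardown. Naming the family as the flush and display scripts do, `nft delete chain inet filter MINIUPNPD` and `nft delete chain ip nat MINIUPNPD`, keeps removal aligned with setup. The exit status of each delete is also ignored, so a failed delete (for example a chain that is not empty or is still referenced) goes unnoticed.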
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Prerouting
|
||||
nft list chain ip nat MINIUPNPD
|
||||
# Postrouting
|
||||
nft list chain ip nat MINIUPNPD-POSTROUTING
|
||||
# Filter
|
||||
nft list chain inet filter MINIUPNPD
|
|
@ -1,5 +1,5 @@
|
|||
#! /sbin/nft -f
|
||||
#!/bin/sh
|
||||
|
||||
flush chain ip nat MINIUPNPD
|
||||
flush chain ip nat MINIUPNPD-POSTROUTING
|
||||
flush chain inet filter MINIUPNPD
|
||||
nft flush chain ip nat MINIUPNPD
|
||||
nft flush chain ip nat MINIUPNPD-POSTROUTING
|
||||
nft flush chain inet filter MINIUPNPD
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
#! /bin/sh
|
||||
#!/bin/sh
|
||||
|
||||
nft list table nat > /dev/null
|
||||
nft_nat_exists=$?
|
||||
nft list table filter > /dev/null
|
||||
nft list table inet filter > /dev/null
|
||||
nft_filter_exists=$?
|
||||
nft list table mangle > /dev/null
|
||||
nft_mangle_exists=$?
|
||||
#nft list table inet mangle > /dev/null
|
||||
#nft_mangle_exists=$?
|
||||
|
||||
if [ $nft_nat_exists -eq "1" ]; then
|
||||
echo "create nat"
|
||||
|
@ -15,19 +15,19 @@ if [ $nft_filter_exists -eq "1" ]; then
|
|||
echo "create filter"
|
||||
nft "add table inet filter"
|
||||
fi
|
||||
if [ $nft_mangle_exists -eq "1" ]; then
|
||||
echo "create mangle"
|
||||
nft "add table mangle"
|
||||
fi
|
||||
#if [ $nft_mangle_exists -eq "1" ]; then
|
||||
# echo "create mangle"
|
||||
# nft "add table mangle"
|
||||
#fi
|
||||
|
||||
nft list chain nat MINIUPNPD > /dev/null
|
||||
nft_nat_miniupnpd_exists=$?
|
||||
nft list chain nat MINIUPNPD-POSTROUTING > /dev/null
|
||||
nft_nat_miniupnpd_pcp_peer_exists=$?
|
||||
nft list chain filter MINIUPNPD > /dev/null
|
||||
nft list chain inet filter MINIUPNPD > /dev/null
|
||||
nft_filter_miniupnpd_exists=$?
|
||||
nft list chain mangle MINIUPNPD > /dev/null
|
||||
nft_mangle_miniupnpd_exists=$?
|
||||
#nft list chain inet mangle MINIUPNPD > /dev/null
|
||||
#nft_mangle_miniupnpd_exists=$?
|
||||
|
||||
if [ $nft_nat_miniupnpd_exists -eq "1" ]; then
|
||||
echo "create chain in nat"
|
||||
|
@ -39,9 +39,9 @@ if [ $nft_nat_miniupnpd_pcp_peer_exists -eq "1" ]; then
|
|||
fi
|
||||
if [ $nft_filter_miniupnpd_exists -eq "1" ]; then
|
||||
echo "create chain in filter "
|
||||
nft "add chain filter MINIUPNPD"
|
||||
fi
|
||||
if [ $nft_mangle_miniupnpd_exists -eq "1" ]; then
|
||||
echo "create chain in mangle"
|
||||
nft "add chain mangle MINIUPNPD"
|
||||
nft "add chain inet filter MINIUPNPD"
|
||||
fi
|
||||
#if [ $nft_mangle_miniupnpd_exists -eq "1" ]; then
|
||||
# echo "create chain in mangle"
|
||||
# nft "add chain inet mangle MINIUPNPD"
|
||||
#fi
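Review bot: The existence checks such as `nft list table inet filter > /dev/null` followed by `[ $nft_filter_exists -eq "1" ]` react only to exit status 1 and leave stderr on the console, so any other failure (for example status 127 from a missing nft binary) silently skips creation. Testing the command directly, `if ! nft list table inet filter > /dev/null 2>&1; then`, covers every failure and drops the unquoted variable. The nat checks still use the default `ip` family while the filter checks moved to `inet`; a one-line comment saying that this split is intended would help the next reader. Parts of the `if` blocks lie outside the visible hunks.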
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
#! /sbin/nft -f
|
||||
#!/bin/sh
|
||||
|
||||
delete rule nat MINIUPNPD
|
||||
delete rule nat MINIUPNPD-POSTROUTING
|
||||
delete rule filter MINIUPNPD
|
||||
# Remove all rules in nft not just miniupnpd
|
||||
nft flush ruleset
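Review bot: `nft flush ruleset` removes every table, chain and rule on the host, so running this script leaves the machine with no packet filtering at all until the firewall is reloaded, as the added comment itself concedes. A script shipped with miniupnpd should touch only its own chains: `nft flush chain ip nat MINIUPNPD`, `nft flush chain ip nat MINIUPNPD-POSTROUTING` and `nft flush chain inet filter MINIUPNPD`, as the flush script in this commit already does.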
|
||||
|
|