Created
January 9, 2025 10:41
nft.conf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
#!/usr/bin/nft -f
#
# Transparent-proxy ruleset. Traffic created by one local UID is marked in the
# output hook, and marked TCP/UDP packets are handed to a TPROXY listener in
# the prerouting hook.
# NOTE(review): locally generated packets only reach prerouting if policy
# routing (an `ip rule` on the mark plus a local route) is configured outside
# this file -- not shown here, confirm it exists.

define PROXY_MARK = 1        # fwmark set in `output`, matched in `prerouting`
define PROXY_PORT = 1234     # local port given to `tproxy to`
define SNELL_USER = 1002     # UID whose sockets get marked
define SNELL_PORT = 26781    # TCP source port exempted from marking

# `flush ruleset` clears every table currently loaded, not only `inet snell`.
# Any other filtering rules on the host are removed when this file is loaded
# and are not re-created here; both chains below use `policy accept`.
flush ruleset

table inet snell {
    # Destination ranges that are never marked or proxied.
    # NOTE(review): 172.16.0.0/12, 192.168.0.0/16 and 169.254.0.0/16 are not
    # listed, so destinations in those ranges are not exempted -- confirm that
    # this matches the network.
    set LOCAL_IPV4 {
        type ipv4_addr
        flags interval
        elements = { 127.0.0.0/8, 10.0.0.0/8, 224.0.0.0/4 }
    }

    # IPv6 counterpart: loopback and link-local only.
    # NOTE(review): fc00::/7 and ff00::/8 are not listed -- confirm.
    set LOCAL_IPV6 {
        type ipv6_addr
        flags interval
        elements = { ::1/128, fe80::/10 }
    }

    # Locally generated packets. A `route` chain makes the kernel redo the
    # routing lookup when a rule changes the packet mark.
    chain output {
        type route hook output priority mangle; policy accept;

        # Exempt destinations leave the chain unmarked.
        ip daddr @LOCAL_IPV4 return
        ip6 daddr @LOCAL_IPV6 return

        # TCP packets sent from SNELL_PORT are left unmarked (presumably the
        # listener's own replies -- confirm).
        tcp sport $SNELL_PORT counter return

        # UDP to port 53 is left unmarked, so these lookups go out directly
        # instead of through the proxy. TCP port 53 is not exempted.
        udp dport 53 counter return

        # Everything else owned by SNELL_USER over TCP or UDP gets the mark.
        skuid $SNELL_USER meta l4proto { tcp, udp } counter meta mark set $PROXY_MARK
    }

    # Incoming packets, including marked ones that were routed back in.
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;

        # `accept` ends evaluation of this chain, so packets of established or
        # related flows never reach the tproxy rule below.
        # NOTE(review): confirm that is intended for flows already proxied.
        ct state established,related accept
        ct state invalid drop

        ip daddr @LOCAL_IPV4 return
        ip6 daddr @LOCAL_IPV6 return

        # Marked TCP/UDP is redirected to the listener on PROXY_PORT.
        meta mark $PROXY_MARK meta l4proto { tcp, udp } counter tproxy to :$PROXY_PORT
    }
}