-
-
Save nick134920/6c40f15c6fd9f522401e5edf2114985d to your computer and use it in GitHub Desktop.
nftables for redir proxy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ip rule add fwmark 0x233 lookup 100 | |
| ip route add local 0.0.0.0/0 dev lo table 100 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| define private_list = { | |
| 0.0.0.0/8, | |
| 10.0.0.0/8, | |
| 127.0.0.0/8, | |
| 169.254.0.0/16, | |
| 172.16.0.0/12, | |
| 192.168.0.0/16, | |
| 224.0.0.0/4, | |
| 240.0.0.0/4 | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| include "/etc/nftables/private.nft" | |
| table ip nat { | |
| chain proxy { | |
| ip daddr $private_list accept | |
| meta skuid clash accept | |
| ip protocol tcp redirect to :8889 | |
| } | |
| chain output { | |
| type nat hook output priority filter; policy accept; | |
| goto proxy | |
| } | |
| chain prerouting { | |
| type nat hook prerouting priority dstnat; policy accept; | |
| goto proxy | |
| } | |
| } | |
| table ip mangle { | |
| chain filter { | |
| ip daddr $private_list accept | |
| meta skuid clash accept | |
| return | |
| } | |
| chain output { | |
| type route hook output priority mangle; policy accept; | |
| jump filter | |
| ip protocol udp mark set 0x233 | |
| } | |
| chain prerouting { | |
| type filter hook prerouting priority mangle; policy accept; | |
| jump filter | |
| ip protocol udp tproxy to 127.0.0.1:8889 | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment