complexorganizations / wireguard-manager

✔️ WireGuard-Manager is an innovative tool designed to streamline the deployment and management of WireGuard VPNs. Emphasizing user-friendliness and security, it simplifies the complexities of VPN configuration, offering a robust yet accessible solution for both personal and professional use.

Rewrite netfilter rules #350

Open Prajwal-Koirala opened 1 year ago

Prajwal-Koirala commented 1 year ago

Rewrite netfilter rules.

I really need help with this.

Prajwal-Koirala commented 1 year ago
# Filter table in the inet family, which covers both IPv4 and IPv6.
add table inet filter
# Base chains on the input, forward and output hooks. All three use
# "policy accept": any packet that no rule drops is allowed through.
add chain inet filter INPUT { type filter hook input priority 0; policy accept; }
add chain inet filter FORWARD { type filter hook forward priority 0; policy accept; }
add chain inet filter OUTPUT { type filter hook output priority 0; policy accept; }
# Count and accept new UDP port 53 (DNS) packets from 10.0.0.0/8 addressed to this host.
# NOTE(review): "ip saddr" matches IPv4 only. Because the chain policy is accept
# and the chain has no drop rule, this rule does not restrict anything; it only
# makes the DNS traffic visible in the counter. 10.0.0.0/8 is presumably the
# tunnel client range (confirm); it is wider than a single WireGuard subnet.
add rule inet filter INPUT ip saddr 10.0.0.0/8 udp dport 53 ct state new counter accept
# Count and accept every packet that arrives on wg0 and is being forwarded.
# NOTE(review): there is no oifname or destination match, so peers can be forwarded
# to any network this host routes to, not only out of eth0. Confirm that is intended.
add rule inet filter FORWARD iifname "wg0" counter accept
# NAT table. Only POSTROUTING receives a rule below; PREROUTING, INPUT and OUTPUT
# are created empty. NAT chains in the inet family need a kernel that supports them
# (Linux 5.2 or later).
add table inet nat
add chain inet nat PREROUTING { type nat hook prerouting priority -100; policy accept; }
add chain inet nat INPUT { type nat hook input priority 100; policy accept; }
add chain inet nat OUTPUT { type nat hook output priority -100; policy accept; }
add chain inet nat POSTROUTING { type nat hook postrouting priority 100; policy accept; }
# Masquerade (source-NAT to the interface address) every packet leaving through eth0.
# NOTE(review): the match is on the egress interface only, so it is not limited to
# traffic that came from wg0 or from the client range. "eth0" is hard-coded and the
# egress interface name can differ between hosts.
add rule inet nat POSTROUTING oifname "eth0" counter masquerade
Prajwal-Koirala commented 1 year ago
# Listing of the loaded ruleset. The "packets N bytes N" values after "counter"
# are live counter readings, not part of the rule definitions.
table inet filter {
        # Lower-case input/forward/output: empty base chains on the same hooks as
        # the upper-case chains below.
        # NOTE(review): presumably left over from an earlier ruleset; confirm.
        # Every base chain registered on a hook is evaluated, so an accept in one
        # base chain does not stop a drop in another chain on that hook.
        chain input {
                type filter hook input priority filter; policy accept;
        }

        chain forward {
                type filter hook forward priority filter; policy accept;
        }

        chain output {
                type filter hook output priority filter; policy accept;
        }

        # Traffic addressed to this host.
        chain INPUT {
                type filter hook input priority filter; policy accept;
                # New UDP/53 (DNS) from 10.0.0.0/8, IPv4 only. With policy accept and
                # no drop rule in the chain, this only counts packets that would be
                # accepted anyway.
                ip saddr 10.0.0.0/8 udp dport 53 ct state new counter packets 34 bytes 2292 accept
        }

        # Traffic routed through this host.
        chain FORWARD {
                type filter hook forward priority filter; policy accept;
                # Everything arriving on wg0 is accepted for forwarding, with no
                # restriction on destination or egress interface.
                iifname "wg0" counter packets 1358 bytes 149278 accept
        }

        chain OUTPUT {
                type filter hook output priority filter; policy accept;
        }
}
table inet nat {
        # "dstnat" and "srcnat" are the named forms of priorities -100 and 100.
        # PREROUTING, INPUT and OUTPUT hold no rules.
        chain PREROUTING {
                type nat hook prerouting priority dstnat; policy accept;
        }

        chain INPUT {
                type nat hook input priority 100; policy accept;
        }

        chain OUTPUT {
                type nat hook output priority -100; policy accept;
        }

        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                # Masquerades every packet leaving through eth0.
                # NOTE(review): not scoped to traffic from wg0 or to the client range.
                oifname "eth0" counter packets 126 bytes 12925 masquerade
        }
}
Prajwal-Koirala commented 1 year ago
# A single dedicated table that holds both the filter chains and the NAT chain.
# The empty OUTPUT, PREROUTING and nat INPUT/OUTPUT chains and the counters are gone.
table inet wireguard {
        # Traffic addressed to this host.
        chain INPUT {
                type filter hook input priority filter; policy accept;
                # New UDP/53 (DNS) from 10.0.0.0/8, IPv4 only.
                # NOTE(review): with policy accept and no drop rule, this rule changes
                # nothing. It would only matter if the policy became drop, and the chain
                # would then also need rules for the WireGuard listen port,
                # established/related traffic and management access.
                ip saddr 10.0.0.0/8 udp dport 53 ct state new accept
        }

        # Traffic routed through this host.
        chain FORWARD {
                type filter hook forward priority filter; policy accept;
                # Accepts anything arriving on wg0, whatever its destination or egress
                # interface. Reply traffic is let through only by the accept policy.
                iifname "wg0" accept
        }

        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                # Masquerades every packet leaving through eth0.
                # NOTE(review): not limited to traffic that entered on wg0; "eth0" is
                # hard-coded and may not be the egress interface on every host.
                oifname "eth0" masquerade
        }
}
Prajwal-Koirala commented 1 year ago
# Dedicated table with one rule per chain: input and forward filtering plus source NAT.
table inet wireguard {
        # Traffic addressed to this host.
        chain INPUT {
                type filter hook input priority filter; policy accept;
                # Accepts everything arriving on wg0, so it covers every local service
                # and is no longer limited to DNS.
                # NOTE(review): with policy accept this is a no-op. If the policy is ever
                # changed to drop, this rule exposes every service on the host to every
                # peer. The chain would then also need accepts for the WireGuard listen
                # port and for established/related traffic.
                iifname "wg0" accept
        }
        # Traffic routed through this host.
        chain FORWARD {
                type filter hook forward priority filter; policy accept;
                # Accepts anything arriving on wg0 for forwarding; no oifname or
                # destination restriction, so peers reach every network the host routes to.
                iifname "wg0" accept
        }
        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                # Masquerades every packet leaving through eth0.
                # NOTE(review): the match is on the egress interface only, so traffic
                # that did not come from the tunnel is also rewritten; "eth0" is hard-coded.
                oifname "eth0" masquerade
        }
}