GavinKacprowicz
commented
11 months ago Would this work?
Remove existing iptables entries
nft delete rule ip mangle PREROUTING iifname "usb+" ip ttl set add 2 nft delete rule ip mangle POSTROUTING oifname "usb+" ip ttl set add 2 nft delete rule ip6 mangle PREROUTING iifname "usb+" ip6 ! ip6 nexthdr icmpv6 ttl set add 2 nft delete rule ip6 mangle POSTROUTING oifname "usb+" ip6 ! ip6 nexthdr icmpv6 ttl set add 2
Move past TTL & HL hotspot detections
nft add table inet mangle nft add chain inet mangle PREROUTING { type filter hook prerouting priority 0 \; } nft add chain inet mangle POSTROUTING { type filter hook postrouting priority 0 \; }
nft add rule inet mangle PREROUTING iifname "usb+" ttl set add 2 nft insert rule inet mangle POSTROUTING oifname "usb+" ttl set add 2
nft add rule inet mangle PREROUTING iifname "usb+" ip protocol != icmpv6 hl set add 2 nft insert rule inet mangle POSTROUTING oifname "usb+" ip protocol != icmpv6 hl set add 2
How would I do this same thing for nftables?