gsd
/
zapret
mirror of https://github.com/bol-van/zapret/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

nftables cheat sheet

pull/113/head
bol-van 3 years ago
parent
5226f7b320
commit
144ceb66f4
1 changed files with 26 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 26
      docs/nftables.txt

26
docs/nftables.txt
View File

@ -0,0 +1,26 @@
nftables test cheat sheet
simplified rule to test nfqws and tpws
For DNAT :
# run tpws as user "tpws". its required to avoid loops.
nft delete table inet ztest
nft create table inet ztest
nft add chain inet ztest pre "{type nat hook prerouting priority dstnat;}"
nft add rule inet ztest pre tcp dport "{80,443}" redirect to :988
nft add chain inet ztest out "{type nat hook output priority -100;}"
nft add rule inet ztest out tcp dport "{80,443}" skuid != tpws redirect to :988
For dpi desync attack :
nft delete table inet ztest
nft create table inet ztest
nft add chain inet ztest post "{type filter hook postrouting priority mangle;}"
nft add rule inet ztest post tcp dport "{80,443}" queue num 200 bypass
show rules : nft list table inet ztest
delete table : nft delete table inet ztest
Write Preview
Loading…
Cancel
Save