fwl/doc/ref/ruleset-1.json


{"nftables": [{"metainfo": {"version": "1.1.6", "release_name": "Commodore Bullmoose #7", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "fwl", "handle": 23}}, {"chain": {"family": "inet", "table": "fwl", "name": "wg_flow", "handle": 1}}, {"chain": {"family": "inet", "table": "fwl", "name": "blockOutboundWG", "handle": 2}}, {"chain": {"family": "inet", "table": "fwl", "name": "input", "handle": 3, "type": "filter", "hook": "input", "prio": 0, "policy": "drop"}}, {"chain": {"family": "inet", "table": "fwl", "name": "forward", "handle": 4, "type": "filter", "hook": "forward", "prio": 0, "policy": "drop"}}, {"chain": {"family": "inet", "table": "fwl", "name": "output", "handle": 5, "type": "filter", "hook": "output", "prio": 0, "policy": "accept"}}, {"chain": {"family": "inet", "table": "fwl", "name": "nat_prerouting", "handle": 6, "type": "nat", "hook": "prerouting", "prio": -100, "policy": "accept"}}, {"chain": {"family": "inet", "table": "fwl", "name": "nat_postrouting", "handle": 7, "type": "nat", "hook": "postrouting", "prio": 100, "policy": "accept"}}, {"set": {"family": "inet", "name": "rfc1918", "table": "fwl", "type": "ipv4_addr", "handle": 8, "flags": ["interval"], "elem": [{"prefix": {"addr": "10.0.0.0", "len": 8}}, {"prefix": {"addr": "172.16.0.0", "len": 12}}, {"prefix": {"addr": "192.168.0.0", "len": 16}}]}}, {"map": {"family": "inet", "name": "forwards", "table": "fwl", "type": ["inet_proto", "inet_service"], "handle": 9, "map": ["ipv4_addr", "inet_service"], "elem": [[{"concat": ["tcp", 8080]}, {"concat": ["10.17.1.10", 80]}], [{"concat": ["tcp", 2222]}, {"concat": ["10.17.1.11", 22]}]]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "wg_flow", "handle": 10, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "new"}}, {"match": {"op": "==", "left": {"ct": {"key": "mark"}}, "right": 0}}, {"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "length"}}, "right": 156}}, {"match": {"op": 
"==", "left": {"payload": {"base": "th", "offset": 64, "len": 8}}, "right": 1}}, {"mangle": {"key": {"ct": {"key": "mark"}}, "value": 1}}, {"return": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "wg_flow", "handle": 11, "expr": [{"match": {"op": "==", "left": {"ct": {"key": "mark"}}, "right": 1}}, {"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "length"}}, "right": 100}}, {"match": {"op": "==", "left": {"payload": {"base": "th", "offset": 64, "len": 8}}, "right": 2}}, {"mangle": {"key": {"ct": {"key": "mark"}}, "value": 2}}, {"return": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "blockOutboundWG", "handle": 12, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "nfproto"}}, "right": "ipv4"}}, {"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "length"}}, "right": 156}}, {"match": {"op": "==", "left": {"payload": {"base": "th", "offset": 64, "len": 8}}, "right": 1}}, {"jump": {"target": "wg_flow"}}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "blockOutboundWG", "handle": 13, "expr": [{"match": {"op": "==", "left": {"ct": {"key": "mark"}}, "right": 2}}, {"log": {"prefix": "WG blocked: "}}, {"drop": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "blockOutboundWG", "handle": 14, "expr": [{"return": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "input", "handle": 16, "expr": [{"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["established", "related"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "input", "handle": 17, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "lo"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "input", "handle": 18, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip6", "field": "nexthdr"}}, "right": "ipv6-icmp"}}, {"match": {"op": "==", "left": {"payload": {"protocol": "ip6", 
"field": "saddr"}}, "right": {"prefix": {"addr": "fe80::", "len": 10}}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "input", "handle": 19, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "nfproto"}}, "right": "ipv4"}}, {"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "input", "handle": 20, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "nfproto"}}, "right": "ipv4"}}, {"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "dport"}}, "right": 51944}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "forward", "handle": 22, "expr": [{"match": {"op": "==", "left": {"ct": {"key": "state"}}, "right": {"set": ["established", "related"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "forward", "handle": 24, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": {"set": ["wg0", "lan"]}}}, {"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "wan"}}, {"jump": {"target": "blockOutboundWG"}}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "forward", "handle": 25, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "status"}}, "right": "dnat"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "forward", "handle": 27, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": {"set": ["wg0", "lan"]}}}, {"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "wan"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "forward", "handle": 30, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": {"set": ["wg0", "lan"]}}}, {"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": {"set": ["wg0", "lan"]}}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": 
"fwl", "chain": "forward", "handle": 33, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "wan"}}, {"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": {"set": ["wg0", "lan"]}}}, {"match": {"op": "==", "left": {"meta": {"key": "nfproto"}}, "right": "ipv4"}}, {"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": {"set": ["tcp", "udp"]}}}, {"match": {"op": "==", "left": {"concat": [{"meta": {"key": "l4proto"}}, {"payload": {"protocol": "th", "field": "dport"}}]}, "right": "@forwards"}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "nat_prerouting", "handle": 35, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "nfproto"}}, "right": "ipv4"}}, {"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": {"set": ["tcp", "udp"]}}}, {"match": {"op": "==", "left": {"fib": {"result": "type", "flags": ["daddr"]}}, "right": "local"}}, {"dnat": {"family": "ip", "addr": {"map": {"key": {"concat": [{"meta": {"key": "l4proto"}}, {"payload": {"protocol": "th", "field": "dport"}}]}, "data": "@forwards"}}}}]}}, {"rule": {"family": "inet", "table": "fwl", "chain": "nat_postrouting", "handle": 36, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "oifname"}}, "right": "wan"}}, {"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@rfc1918"}}, {"masquerade": null}]}}]}