speatzle/nfsense
1
0
Fork 0
mirror of https://github.com/speatzle/nfsense.git synced 2025-09-13 15:19:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Implement Service Based nftables Match Generator

Browse source
This commit is contained in:
Samuel Lorch 2023-03-02 00:10:38 +01:00
parent b70a2688b5
commit 82f90aabb8
7 changed files with 76 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

2
pkg/nftables/template/destination_nat_rules.tmpl
View file

@ -1,2 +1,2 @@
{{ range $rule := .Netfilter.DestinationNATRules }}
{{ .Match.Nftables }}{{ if $rule.Counter }} counter{{ end }}{{ if ne $rule.Comment "" }} comment "{{ $rule.Comment }}"{{ end }}{{ end }}
{{ matcher .Services .Addresses $rule.Match }}{{ if $rule.Counter }} counter{{ end }}{{ if ne $rule.Comment "" }} comment "{{ $rule.Comment }}"{{ end }}{{ end }}

2
pkg/nftables/template/forward_rules.tmpl
View file

@ -1,2 +1,2 @@
{{range $rule := .Netfilter.ForwardRules}}
{{ .Match.Nftables }}{{ if $rule.Counter }} counter{{ end }} {{ $rule.Verdict.String }}{{ if ne $rule.Comment "" }} comment "{{ $rule.Comment }}"{{ end }}{{ end }}
{{ matcher .Services .Addresses $rule.Match }}{{ if $rule.Counter }} counter{{ end }} {{ $rule.Verdict.String }}{{ if ne $rule.Comment "" }} comment "{{ $rule.Comment }}"{{ end }}{{ end }}

4
pkg/nftables/template/nftables.tmpl
View file

@ -17,7 +17,6 @@ table inet nfsense_inet {
# allow loopback traffic
iifname lo accept
{{template "inbound_rules.tmpl" .}}
}
@ -27,21 +26,18 @@ table inet nfsense_inet {
# Allow traffic from established and related packets, drop invalid
ct state vmap { established : accept, related : accept, invalid : drop }
{{template "forward_rules.tmpl" .}}
}
# Destination NAT Rules
chain prerouting {
type nat hook prerouting priority -100; policy accept;
{{template "destination_nat_rules.tmpl" .}}
}
# Source NAT Rules
chain postrouting {
type nat hook postrouting priority 100; policy accept;
{{template "source_nat_rules.tmpl" .}}
}
}

2
pkg/nftables/template/source_nat_rules.tmpl
View file

@ -1,2 +1,2 @@
{{ range $rule := .Netfilter.SourceNATRules }}
{{ .Match.Nftables }}{{ if $rule.Counter }} counter{{ end }}{{ if ne $rule.Comment "" }} comment "{{ $rule.Comment }}"{{ end }}{{ end }}
{{ matcher .Services .Addresses $rule.Match }}{{ if $rule.Counter }} counter{{ end }}{{ if ne $rule.Comment "" }} comment "{{ $rule.Comment }}"{{ end }}{{ end }}