

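# Write the nftables configuration for this gateway and load it.
#
# The live ruleset is NOT flushed before the file is written: a standalone
# `nft flush ruleset` leaves the host with no filtering and no NAT until the
# new file loads, and leaves it that way for good if the write or the load
# fails. The file starts with its own `flush ruleset`, and `nft -f` applies a
# file as a single transaction, so the old rules stay active until the new
# ones are accepted.
#
# NOTE(review), not changed here because the intended topology is not visible:
#   * chain forward has `policy accept`, so its two accept rules restrict
#     nothing; every packet is forwarded, including new connections arriving
#     on enp0s3. If enp0s3 is the uplink (it is the masquerade interface),
#     `policy drop` plus explicit accepts is the usual shape. Confirm which
#     subnets sit behind enp0s8/enp0s9 first.
#   * ports 53/udp and 53/tcp are accepted on every interface, enp0s3
#     included. Restrict by iifname or source address unless this host is
#     meant to answer DNS on the uplink side.
#   * `ip protocol icmp accept` matches IPv4 only; in this inet table ICMPv6
#     falls through to `policy drop`, which drops neighbour discovery if
#     IPv6 is in use.
sudo tee /etc/nftables.conf << 'EOF'
#!/usr/sbin/nft -f
flush ruleset

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        iifname "enp0s8" tcp dport 80 redirect to 3144
        iifname "enp0s9" tcp dport 80 redirect to 3144
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "enp0s3" masquerade
    }
}

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        ip saddr 192.168.12.0/24 tcp dport 22 accept
        udp dport 53 accept
        tcp dport 53 accept
        ip saddr 192.168.12.0/24 tcp dport 3144 accept
        ip protocol icmp accept
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
        ip saddr 192.168.12.0/24 oifname "enp0s3" accept
        ip daddr 192.168.12.0/24 iifname "enp0s3" ct state established,related accept
    }
    chain output {
        type filter hook output priority filter; policy accept;
    }
}
EOF
# Dry-run the file first (-c checks without applying), then load it and print
# the active ruleset for review. SSH is allowed only from 192.168.12.0/24, so
# keep an already-open session or console access while testing.
sudo nft -c -f /etc/nftables.conf \
  && sudo nft -f /etc/nftables.conf \
  && echo "=== NFTABLES НАСТРОЕН ===" \
  && sudo nft list ruleset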