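# Interface names used by the rules in this file.
# WAN: the nat prerouting port forwards match on packets arriving here.
define WAN = wan0
# LAN: exempt from DNAT in nat prerouting; postrouting masquerades out of it.
define LAN = lan0
# NOTE(review): $VPN is not referenced by any rule visible in this file — confirm
# whether it is used elsewhere or is a leftover.
define VPN = wg-vpn
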
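table inet filter {
	chain input {
		# Default-deny: anything not accepted by a rule below is dropped by the
		# chain policy, so a partially edited rule list fails closed.
		type filter hook input priority filter; policy drop;

		iifname "lo" accept
		ct state invalid drop
		ct state { established, related } accept

		# ICMPv6 allow-list: echo, neighbour/router discovery, MLD queries and the
		# error types that path-MTU discovery and normal operation rely on.
		# A blanket `meta l4proto ipv6-icmp accept` (or `ip protocol icmpv6 accept`)
		# after this rule would accept every other type and make the list a no-op,
		# so neither is present.
		icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert, mld-listener-query, destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

		# All ICMPv4 types are accepted.
		ip protocol icmp accept

		# NOTE(review): none of the service rules below match on an interface, so
		# every listed port is reachable on the WAN interface as well, including
		# DNS (53), DHCP (67) and SSH (22). Scoping infrastructure services with
		# `iifname $LAN` would keep the resolver and DHCP server off the internet
		# side — confirm which ports are meant to be public.
		# NOTE(review): ports that the nat prerouting chain rewrites to another host
		# traverse the forward hook rather than input, so their entries here may be
		# unnecessary — verify against what actually listens on this machine.
		tcp dport { 4022, 10578, 51821, 51820, 22, 53, 67, 2201, 2221, 8448, 8008, 25565, 26968, 26965, 34197, 27015, 27036 } accept
		udp dport { 9876, 9877, 4020, 10578, 51821, 51820, 22, 53, 67, 2201, 2221, 25565, 26968, 26965, 34197 } accept
		udp dport 27000-27100 accept
		udp dport { 60000-60009 } accept
		udp dport dhcpv6-client accept
	}

	chain forward {
		# NOTE(review): this chain forwards every packet, for IPv4 and IPv6 alike,
		# including new connections that arrive on the WAN interface. If IPv6 is
		# routed to internal hosts, nothing here filters it. A stateful rule set
		# (established/related first, then traffic from trusted interfaces, then
		# `ct status dnat`) would confine WAN-originated flows to the declared
		# port forwards — confirm the topology before tightening.
		type filter hook forward priority filter; policy accept;
		accept
	}

	chain output {
		# Locally generated traffic is not filtered.
		type filter hook output priority filter; policy accept;
		accept
	}
}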
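table ip nat {
	# Source ranges that postrouting masquerades.
	set masq_saddr {
		type ipv4_addr
		flags interval
		elements = { 192.168.0.0/16 }
	}

	# (protocol, destination port) -> (address, port) lookup used by the map-based
	# DNAT rules in prerouting and output.
	# NOTE(review): declared without elements here; presumably populated at
	# runtime — confirm. While it is empty those lookups match nothing.
	map map_port_ipport {
		type inet_proto . inet_service : ipv4_addr . inet_service
	}

	chain prerouting {
		type nat hook prerouting priority dstnat + 1; policy accept;

		# Packets arriving on the LAN interface leave the chain here, so none of
		# the DNAT rules below apply to them.
		iifname $LAN accept

		# Map-driven forwards for packets addressed to one of this host's own addresses.
		fib daddr type local dnat ip addr . port to meta l4proto . th dport map @map_port_ipport

		# beefcake (ben access)
		iifname $WAN tcp dport { 64022 } dnat to 192.168.0.9
		iifname $WAN udp dport { 64020 } dnat to 192.168.0.9

		# beefcake services
		iifname $WAN tcp dport { 443, 80, 22 } dnat to 192.168.0.9

		# mnemonic
		iifname $WAN tcp dport { 8022 } dnat to 192.168.0.248

		# ourcraft
		iifname $WAN tcp dport { 2456, 2457, 25565, 34197 } dnat to 192.168.0.153
		iifname $WAN udp dport { 2456, 2457, 25565, 34197 } dnat to 192.168.0.153

		# jland and dawncraft
		iifname $WAN tcp dport { 26968, 26965 } dnat to 192.168.0.9
		iifname $WAN udp dport { 26968, 26965 } dnat to 192.168.0.9

		# v rising
		iifname $WAN tcp dport { 27015, 27036 } dnat to 192.168.0.9
		# One rule covers udp 9876 and 9877; a second rule matching the same two
		# ports could never be reached after this one.
		iifname $WAN udp dport 9876-9877 dnat to 192.168.0.9
		iifname $WAN udp dport 27000-27100 dnat to 192.168.0.9

		# router
		iifname $WAN tcp dport { 2201 } dnat to 192.168.0.1
		iifname $WAN udp dport { 2201 } dnat to 192.168.0.1
	}

	chain output {
		# Same map lookup for locally generated packets that leave via loopback
		# towards a non-loopback destination address.
		type nat hook output priority -99; policy accept;
		ip daddr != 127.0.0.0/8 oif "lo" dnat ip addr . port to meta l4proto . th dport map @map_port_ipport
	}

	chain postrouting {
		type nat hook postrouting priority srcnat + 1; policy accept;

		# NOTE(review): this masquerades everything leaving on the LAN interface,
		# including connections forwarded in from the WAN. Internal hosts then see
		# the router's LAN address as the client, so their logs and any per-source
		# rate limiting or ban lists (e.g. on the SSH forward) lose the real peer
		# address. Presumably kept for hairpin NAT — confirm, and consider limiting
		# it to LAN-sourced traffic.
		oifname $LAN masquerade

		# No output-interface match: LAN-range sources are masqueraded on whichever
		# interface they leave by.
		ip saddr @masq_saddr masquerade
	}
}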
# table ip filter {
# chain output {
# type filter hook output priority 100; policy accept;
# }
#
# chain input {
# type filter hook input priority 0; policy accept;
# }
#
# chain forward {
# type filter hook forward priority 0; policy accept;
# }
# }
#