diff options
| author | Xiao Pan <xyz@flylightning.xyz> | 2025-07-10 11:43:28 +0000 |
|---|---|---|
| committer | Xiao Pan <xyz@flylightning.xyz> | 2025-07-10 11:43:36 +0000 |
| commit | e42a58e4292cdbab4914b99a9b04a55330451b03 (patch) | |
| tree | d9719d59257481927495f373f28045e0bb7ba328 | |
| parent | f5ccf1345fd578cee21dc1e99f211de4aedd2849 (diff) | |
change nft: website move to ca so no need route things to studio
| -rw-r--r-- | etc/nftables.conf | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf index 1bc5fec6..c4b7e195 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -10,7 +10,6 @@ flush ruleset define pub_iface = "eth0" define wg_iface = "wg0" -define website_ip6 = "2606:a8c0:3:773::b" table inet my_table { chain my_input { @@ -31,8 +30,6 @@ table inet my_table { #tcp dport iperf3 accept udp dport wireguard accept udp dport swgp accept - # for acme.sh standalone mode builtin webserver to renew ssl cert - # for forward to studio tcp dport http accept tcp dport https accept # email related ports @@ -85,10 +82,6 @@ table inet nat { iifname $pub_iface tcp dport monerod-p2p dnat ip6 to [fdc9:281f:04d7:9ee9::1]:monerod-p2p iifname $pub_iface tcp dport ssh-isp dnat ip to 10.0.0.3:ssh iifname $pub_iface tcp dport ssh-isp dnat ip6 to [fdc9:281f:04d7:9ee9::3]:ssh - iifname $pub_iface tcp dport http dnat ip to 10.0.0.3:http - iifname $pub_iface ip6 daddr $website_ip6 tcp dport http dnat ip6 to [fdc9:281f:04d7:9ee9::3]:http - iifname $pub_iface tcp dport https dnat ip to 10.0.0.3:https - iifname $pub_iface tcp dport https dnat ip6 to [fdc9:281f:04d7:9ee9::3]:https } # for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface chain postrouting { |