-rw-r--r-- | etc/nftables.conf | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf
index b07616b3..1fa3ce22 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -40,7 +40,6 @@ table inet my_table {
 tcp dport submission accept
 tcp dport imaps accept
 tcp dport pop3s accept
- tcp dport monerod-p2p accept
 pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
 counter comment "count any other traffic"
@@ -72,14 +71,6 @@ table inet nat {
 # newer kernel no need for `chain prerouting { type nat hook prerouting priority -100; policy accept; }` if has `chain postrouting`
 # also vice versa, no need `chain postrouting` if has `chain prerouting`
 # more see https://www.procustodibus.com/blog/2021/11/wireguard-nftables/
- chain prerouting {
- type nat hook prerouting priority -100
- policy accept
- # port forwarding from client
- # https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet
- iifname $pub_iface tcp dport monerod-p2p dnat ip to 10.0.0.1:monerod-p2p
- iifname $pub_iface tcp dport monerod-p2p dnat ip6 to [fdc9:281f:04d7:9ee9::1]:monerod-p2p
- }
 # for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface
 chain postrouting {
 type nat hook postrouting priority 100
@@ -87,8 +78,5 @@ table inet nat {
 # Needed for VPN. Needed for port forwarding from cilent with VPN through server
 # https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet/#default-route
 oifname $pub_iface masquerade
- # needed for port forwarding from client without VPN through server
- # https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet/#masquerading
- #oifname $wg_iface masquerade
 }
 }
|