diff options
| -rw-r--r-- | etc/nftables.conf | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf index 1bc5fec6..c4b7e195 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -10,7 +10,6 @@ flush ruleset define pub_iface = "eth0" define wg_iface = "wg0" -define website_ip6 = "2606:a8c0:3:773::b" table inet my_table { chain my_input { @@ -31,8 +30,6 @@ table inet my_table { #tcp dport iperf3 accept udp dport wireguard accept udp dport swgp accept - # for acme.sh standalone mode builtin webserver to renew ssl cert - # for forward to studio tcp dport http accept tcp dport https accept # email related ports @@ -85,10 +82,6 @@ table inet nat { iifname $pub_iface tcp dport monerod-p2p dnat ip6 to [fdc9:281f:04d7:9ee9::1]:monerod-p2p iifname $pub_iface tcp dport ssh-isp dnat ip to 10.0.0.3:ssh iifname $pub_iface tcp dport ssh-isp dnat ip6 to [fdc9:281f:04d7:9ee9::3]:ssh - iifname $pub_iface tcp dport http dnat ip to 10.0.0.3:http - iifname $pub_iface ip6 daddr $website_ip6 tcp dport http dnat ip6 to [fdc9:281f:04d7:9ee9::3]:http - iifname $pub_iface tcp dport https dnat ip to 10.0.0.3:https - iifname $pub_iface tcp dport https dnat ip6 to [fdc9:281f:04d7:9ee9::3]:https } # for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface chain postrouting { |