diff options
| -rw-r--r-- | etc/nftables.conf | 12 | ||||
| -rw-r--r-- | home/xyz/.config/myconf/pacman_Qqme | 1 | ||||
| -rw-r--r-- | home/xyz/.config/myconf/pacman_Qqne | 1 |
3 files changed, 12 insertions, 2 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf index d20d2605..52bacd38 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -27,10 +27,12 @@ table inet my_table { meta l4proto ipv6-icmp accept tcp dport ssh accept - #tcp dport iperf3 accept + tcp dport iperf3 accept udp dport wireguard accept udp dport swgp accept tcp dport monerod-p2p accept + # phantun + tcp dport 59083 accept pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited counter comment "count any other traffic" @@ -46,6 +48,9 @@ table inet my_table { #iifname $pub_iface oifname $wg_iface accept iifname $wg_iface accept oifname $wg_iface accept + # needed for phantun? + iifname pt0 accept + oifname pt0 accept } chain my_output { @@ -63,12 +68,15 @@ table inet nat { # also vice versa, no need `chain postrouting` if has `chain prerouting` # more see https://www.procustodibus.com/blog/2021/11/wireguard-nftables/ chain prerouting { - type nat hook prerouting priority -100 + type nat hook prerouting priority dstnat policy accept # port forwarding from client # https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet iifname $pub_iface tcp dport monerod-p2p dnat ip to 10.0.0.1:monerod-p2p iifname $pub_iface tcp dport monerod-p2p dnat ip6 to [fdc9:281f:04d7:9ee9::1]:monerod-p2p + # needed for phantun + iif $pub_iface tcp dport 59083 dnat ip to 10.0.2.2 + iif $pub_iface tcp dport 59083 dnat ip6 to fdc9:281f:04d7:9eeb::2 } # for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface chain postrouting { diff --git a/home/xyz/.config/myconf/pacman_Qqme b/home/xyz/.config/myconf/pacman_Qqme index d93ec650..9b979180 100644 --- a/home/xyz/.config/myconf/pacman_Qqme +++ b/home/xyz/.config/myconf/pacman_Qqme @@ -7,6 +7,7 @@ htop-vim librespeed-cli-bin neovim-plug paru-bin +phantun-git pipdeptree swgp-go task-spooler diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index b9844fb3..d8967f36 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -34,6 +34,7 @@ posix-xsi python-pip rebuild-detector reflector +rustup shellcheck speedtest-cli strace |