From 144ceb66f457e2a48ef2e1fdc8f003ccf4aa2e21 Mon Sep 17 00:00:00 2001
From: bol-van
Date: Fri, 13 May 2022 14:35:27 +0300
Subject: [PATCH] nftables cheat sheet

---
 docs/nftables.txt | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 docs/nftables.txt

diff --git a/docs/nftables.txt b/docs/nftables.txt
new file mode 100644
index 0000000..4091c2c
--- /dev/null
+++ b/docs/nftables.txt
@@ -0,0 +1,26 @@
+nftables test cheat sheet
+simplified rule to test nfqws and tpws
+
+
+For DNAT :
+
+# run tpws as user "tpws". its required to avoid loops.
+
+nft delete table inet ztest
+nft create table inet ztest
+nft add chain inet ztest pre "{type nat hook prerouting priority dstnat;}"
+nft add rule inet ztest pre tcp dport "{80,443}" redirect to :988
+nft add chain inet ztest out "{type nat hook output priority -100;}"
+nft add rule inet ztest out tcp dport "{80,443}" skuid != tpws redirect to :988
+
+
+For dpi desync attack :
+
+nft delete table inet ztest
+nft create table inet ztest
+nft add chain inet ztest post "{type filter hook postrouting priority mangle;}"
+nft add rule inet ztest post tcp dport "{80,443}" queue num 200 bypass
+
+
+show rules : nft list table inet ztest
+delete table : nft delete table inet ztest