
Commit 4f2a99a

committed
add nftables command examples to egress.go
1 parent d3041ac commit 4f2a99a


1 file changed

+3
-0
lines changed


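--- a/v2/pkg/founat/egress.go
+++ b/v2/pkg/founat/egress.go
@@ -116,6 +116,7 @@ func (e *egress) addNFTablesRules(conn *nftables.Conn, family nftables.TableFami
 ipData = ipNetParsed.IP.To4()
 }
 
+// ex. nft add rule ip nat POSTROUTING ip saddr != 10.0.0.0/24 oifname "eth0" counter masquerade
 masqExprs := []expr.Any{
 &expr.Payload{
 DestRegister: nftRegister,
@@ -158,6 +159,7 @@ func (e *egress) addNFTablesRules(conn *nftables.Conn, family nftables.TableFami
 filterTable := &nftables.Table{Family: family, Name: "filter"}
 conn.AddTable(filterTable)
 
+// ex. nft add chain ip filter FORWARD { type filter hook forward priority filter \; }
 forwardChain := &nftables.Chain{
 Name: "FORWARD",
 Table: filterTable,
@@ -168,6 +170,7 @@ func (e *egress) addNFTablesRules(conn *nftables.Conn, family nftables.TableFami
 conn.AddChain(forwardChain)
 
 // Drop invalid or malformed packets from passing through the network.
+// ex. nft add rule ip filter FORWARD oifname "eth0" ct state invalid counter drop
 dropRule := &nftables.Rule{
 Table: filterTable,
 Chain: forwardChain,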
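Review bot: All three added examples spell the table family as `ip`, but the code they annotate is built from the `family nftables.TableFamily` parameter (`filterTable := &nftables.Table{Family: family, ...}`), so the comments describe only the IPv4 case of a function that appears to be family-generic. A reader comparing the live ruleset against these lines for an IPv6 or inet table would see a mismatch. Suggest qualifying each example once, e.g. `// ex. (ip family shown; the actual family comes from the family parameter) nft add rule ip nat POSTROUTING ...`, and likewise for the chain and drop-rule examples in the other two hunks. The saddr prefix and interface name in the first example are presumably illustrative rather than the values the code emits; saying so in the comment would avoid them being read as configuration. addNFTablesRules starts and ends outside the hunks.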
