Update working-rules.nft

henmohr · Jan 14, 2025 · 866cd19 · 866cd19
1 parent 63b6598
commit 866cd19
Showing 1 changed file with 15 additions and 18 deletions.
diff --git a/packages/pirania/files/usr/bin/working-rules.nft b/packages/pirania/files/usr/bin/working-rules.nft
@@ -1,6 +1,7 @@
 table inet pirania {
 	set pirania-auth-macs {
 		type ether_addr
+		elements = { a6:37:9c:fa:e2:55 }
 	}
 
 	set pirania-allowlist-ipv4 {
@@ -21,8 +22,13 @@ table inet pirania {
 	}
 
 	chain prerouting {
-		type nat hook prerouting priority filter -1; policy accept;
-
+		type nat hook prerouting priority filter - 1; policy accept;
+		tcp dport 22 accept
+		udp dport 67-68 accept
+		udp sport 67-68 accept
+		udp sport 53 accept
+		ether saddr @pirania-auth-macs accept
+		ether daddr @pirania-auth-macs accept
 		ip protocol udp udp dport 53 ether saddr != @pirania-auth-macs ct state new redirect to :59053
 		ip protocol tcp tcp dport { 80, 443 } ether saddr != @pirania-auth-macs ct state new limit rate 10/second redirect to :59080
 	}
@@ -31,20 +37,11 @@ table inet pirania {
 		type filter hook input priority filter; policy accept;
 	}
 
-chain forward {
-    type filter hook forward priority filter; policy accept;
-    ether saddr @pirania-auth-macs accept
-    ct state established,related accept
-    tcp dport 22 accept
-    udp dport { 53, 67-68 } accept
-    udp sport { 53, 67-68 } accept
-    ip saddr 10.13.0.0/16 accept  # Permitir tráfego da rede interna
-    ip daddr @pirania-allowlist-ipv4 accept
-    log prefix "DROPPED_FORWARD" drop
-}
-
-chain postrouting {
-    type nat hook postrouting priority srcnat; policy accept;
-    oifname "eth0" masquerade
-}
+	chain forward {
+		type filter hook forward priority filter; policy accept;
+		ether saddr @pirania-auth-macs accept
+		ct state established,related accept
+		ip daddr @pirania-allowlist-ipv4 accept
+		log prefix "DROPPED_FORWARD" drop
+	}
 }