feat(nft): add source IP filtering for DNAT rules and expose table existence checks

2026-03-30 14:19:44 +00:00
parent e4bb314b5f
commit 46a492443e
5 changed files with 28 additions and 2 deletions


@@ -26,8 +26,9 @@ export function buildDnatRules(
for (const proto of protocols) {
// DNAT rule
const saddrFilter = rule.sourceIP ? `ip saddr ${rule.sourceIP} ` : '';
commands.push(
`nft add rule ${family} ${tableName} prerouting ${proto} dport ${rule.sourcePort} dnat to ${rule.targetHost}:${rule.targetPort}`
`nft add rule ${family} ${tableName} prerouting ${saddrFilter}${proto} dport ${rule.sourcePort} dnat to ${rule.targetHost}:${rule.targetPort}`
);
// Masquerade (SNAT) unless preserveSourceIP is set