import type { TNftFamily } from './nft.types.js';
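/**
 * Build the commands that create the nftables table and its NAT chains
 * (prerouting at priority 0, postrouting at priority 100).
 *
 * The `\;` sequences in the returned strings are shell escapes, so the commands are
 * presumably executed through a shell (confirm against the caller). Both interpolated
 * values are therefore checked against a conservative token pattern before they are
 * spliced in, so a name carrying whitespace, quotes or shell metacharacters is rejected
 * instead of becoming part of the command line.
 *
 * @param tableName - Table to create. Must start with a letter or underscore and
 *   contain only letters, digits, `_`, `.`, `/` and `-`.
 * @param family - nftables address family; defaults to `'ip'`.
 * @returns Three command strings: add table, add prerouting chain, add postrouting chain.
 * @throws Error if `tableName` or `family` is not a plain token as described above.
 */
export function buildTableSetup(tableName: string, family: TNftFamily = 'ip'): string[] {
  // A leading "-" is excluded so a value can never be read as a command-line option.
  const safeToken = /^[A-Za-z_][A-Za-z0-9_./-]*$/;
  if (typeof tableName !== 'string' || !safeToken.test(tableName)) {
    throw new Error(`Invalid nftables table name: ${JSON.stringify(tableName)}`);
  }
  // The static type already limits family, but nothing enforces it at runtime.
  if (typeof family !== 'string' || !safeToken.test(family)) {
    throw new Error(`Invalid nftables family: ${JSON.stringify(family)}`);
  }

  const target = `${family} ${tableName}`;
  return [
    `nft add table ${target}`,
    `nft add chain ${target} prerouting { type nat hook prerouting priority 0 \\; }`,
    `nft add chain ${target} postrouting { type nat hook postrouting priority 100 \\; }`,
  ];
}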
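/**
 * Build the commands that create the filter chains (input, forward, output),
 * each hooked at priority 0.
 *
 * Every chain is created with `policy accept`, so a packet that matches no rule is
 * allowed. Any actual filtering depends on rules added to these chains elsewhere.
 *
 * The `\;` sequences in the returned strings are shell escapes, so the commands are
 * presumably executed through a shell (confirm against the caller). Both interpolated
 * values are therefore checked against a conservative token pattern before they are
 * spliced in.
 *
 * @param tableName - Existing table to add the chains to. Must start with a letter or
 *   underscore and contain only letters, digits, `_`, `.`, `/` and `-`.
 * @param family - nftables address family; defaults to `'ip'`.
 * @returns Three command strings, one per chain, in the order input, forward, output.
 * @throws Error if `tableName` or `family` is not a plain token as described above.
 */
export function buildFilterChains(tableName: string, family: TNftFamily = 'ip'): string[] {
  // A leading "-" is excluded so a value can never be read as a command-line option.
  const safeToken = /^[A-Za-z_][A-Za-z0-9_./-]*$/;
  if (typeof tableName !== 'string' || !safeToken.test(tableName)) {
    throw new Error(`Invalid nftables table name: ${JSON.stringify(tableName)}`);
  }
  // The static type already limits family, but nothing enforces it at runtime.
  if (typeof family !== 'string' || !safeToken.test(family)) {
    throw new Error(`Invalid nftables family: ${JSON.stringify(family)}`);
  }

  // Chain name and hook name are the same word for all three chains.
  const hooks = ['input', 'forward', 'output'];
  return hooks.map(
    (hook) =>
      `nft add chain ${family} ${tableName} ${hook} { type filter hook ${hook} priority 0 \\; policy accept \\; }`,
  );
}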
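/**
 * Build the command that deletes the entire nftables table, which also removes
 * every chain and rule it contains.
 *
 * The result is a one-element array so it has the same shape as the other builders
 * in this file. The command string is presumably executed through a shell (confirm
 * against the caller), so both interpolated values are checked against a conservative
 * token pattern before they are spliced in. For a destructive command this also keeps
 * a malformed name from turning into extra arguments.
 *
 * @param tableName - Table to delete. Must start with a letter or underscore and
 *   contain only letters, digits, `_`, `.`, `/` and `-`.
 * @param family - nftables address family; defaults to `'ip'`.
 * @returns A single-element array holding the `nft delete table` command.
 * @throws Error if `tableName` or `family` is not a plain token as described above.
 */
export function buildTableCleanup(tableName: string, family: TNftFamily = 'ip'): string[] {
  // A leading "-" is excluded so a value can never be read as a command-line option.
  const safeToken = /^[A-Za-z_][A-Za-z0-9_./-]*$/;
  if (typeof tableName !== 'string' || !safeToken.test(tableName)) {
    throw new Error(`Invalid nftables table name: ${JSON.stringify(tableName)}`);
  }
  // The static type already limits family, but nothing enforces it at runtime.
  if (typeof family !== 'string' || !safeToken.test(family)) {
    throw new Error(`Invalid nftables family: ${JSON.stringify(family)}`);
  }

  return [`nft delete table ${family} ${tableName}`];
}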