l 2 base: redirect internet ssh port to 45621

author: lassulus <lass@aidsballs.de> 2016-04-12 15:11:31 +0200
committer: lassulus <lass@aidsballs.de> 2016-04-12 15:11:31 +0200
commit: be6bfb17365046486abdd3af01f05b0cb99331ea (patch)
tree: 0c7b65bc6a71e9355a2e20effff041298441c5b3 /lass
parent: a1d80db7cc499bb9a850250357b0921fa61f5a59 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index d83e5377..4a446830 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -173,6 +173,13 @@ with config.krebs.lib;
   krebs.iptables = {
     enable = true;
     tables = {
+      nat.PREROUTING.rules = [
+        { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+        { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
+      ];
+      nat.OUTPUT.rules = [
+        { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
+      ];
       filter.INPUT.policy = "DROP";
       filter.FORWARD.policy = "DROP";
       filter.INPUT.rules = [
author	lassulus <lass@aidsballs.de>	2016-04-12 15:11:31 +0200
committer	lassulus <lass@aidsballs.de>	2016-04-12 15:11:31 +0200
commit	be6bfb17365046486abdd3af01f05b0cb99331ea (patch)
tree	0c7b65bc6a71e9355a2e20effff041298441c5b3 /lass
parent	a1d80db7cc499bb9a850250357b0921fa61f5a59 (diff)