From be6bfb17365046486abdd3af01f05b0cb99331ea Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 12 Apr 2016 15:11:31 +0200
Subject: l 2 base: redirect internet ssh port to 45621
---
 lass/2configs/base.nix | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'lass')
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index d83e5377..4a446830 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -173,6 +173,13 @@ with config.krebs.lib;
 krebs.iptables = {
 enable = true;
 tables = {
+ nat.PREROUTING.rules = [
+ { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+ { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
+ ];
+ nat.OUTPUT.rules = [
+ { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
+ ];
 filter.INPUT.policy = "DROP";
 filter.FORWARD.policy = "DROP";
 filter.INPUT.rules = [
-- 
cgit v1.2.3
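Review bot: The first added PREROUTING rule hides tcp/22 from non-retiolum interfaces by rewriting the destination to port 0 (`REDIRECT --to-ports 0`), which is an implicit deny that relies on how the nat table treats a port-0 target rather than a stated filter policy. Since the 45621→22 redirect only works if the filter INPUT chain accepts tcp/22 (those rules begin just past the hunk, so this is inferred), an explicit entry there such as `{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "DROP"; precedence = 100; }` would express the intent directly and keep holding even if the nat rules are later removed or reordered. A short comment above `nat.PREROUTING.rules`, e.g. `# sshd stays on 22; retiolum reaches it directly, everyone else must use 45621`, would also explain the otherwise bare port number. The enclosing `krebs.iptables` attribute set continues outside the hunk.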