# Defines
#
+ define ipv4only_devices = { }
define ipv4only_subnets = { 192.168.1.0/24 }
+
#
# User includes
#
meta nfproto ipv4 ip daddr 192.168.1.0/24 jump output_ipv4only comment "!fw4: Handle ipv4only IPv4 output traffic"
}
+ chain prerouting {
+ type filter hook prerouting priority filter; policy accept;
+ }
+
chain handle_reject {
meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
- meta nfproto ipv4 masquerade comment "!fw4: NAT #3"
- ip6 saddr fc00::/7 masquerade comment "!fw4: NAT #4"
- masquerade comment "!fw4: NAT #6"
+ meta nfproto ipv4 counter masquerade comment "!fw4: NAT #3"
+ ip6 saddr fc00::/7 counter masquerade comment "!fw4: NAT #4"
+ counter masquerade comment "!fw4: NAT #6"
meta nfproto ipv4 ip daddr 192.168.1.0/24 jump srcnat_ipv4only comment "!fw4: Handle ipv4only IPv4 srcnat traffic"
}
}
chain srcnat_ipv4only {
- meta nfproto ipv4 masquerade comment "!fw4: NAT #5"
+ meta nfproto ipv4 counter masquerade comment "!fw4: NAT #5"
}
#
- # Raw rules (notrack & helper)
+ # Raw rules (notrack)
#
chain raw_prerouting {