Use a less generic nftables table name

2023-09-19 00:09:41 +02:00 · 2023-09-19 00:09:41 +02:00 · 74d5abdfe2
commit 74d5abdfe2
parent cd938d5020
1 changed files with 8 additions and 8 deletions
--- a/pkgs/wireguard-nat-nftables/src/wireguard-nat-nftables.py
+++ b/pkgs/wireguard-nat-nftables/src/wireguard-nat-nftables.py
@ -20,9 +20,9 @@ def main():
    nft.set_handle_output(True)

    # add nat table rules for dnat and snat masquerade
-    nft.cmd("add table nat")
-    nft.cmd("add chain nat prerouting { type nat hook prerouting priority -100; }")
-    nft.cmd("add chain nat postrouting { type nat hook postrouting priority 100; }")
+    nft.cmd("add table wireguard-nat")
+    nft.cmd("add chain wireguard-nat prerouting { type nat hook prerouting priority -100; }")
+    nft.cmd("add chain wireguard-nat postrouting { type nat hook postrouting priority 100; }")
    
    # load current nftables rules
    rc, output, error = nft.cmd("list ruleset")
@ -34,14 +34,14 @@ def main():
    for item in nftables_output["nftables"]:
        if ("rule" in item 
            and item["rule"]["family"] == "ip"
-            and item["rule"]["table"] == "nat"
+            and item["rule"]["table"] == "wireguard-nat"
            and item["rule"]["chain"] == "postrouting"
            and "masquerade" in item["rule"]["expr"][0]
        ):
            add_masquerade = False
            break
    if add_masquerade:
-        nft.cmd("add rule nat postrouting masquerade")
+        nft.cmd("add rule wireguard-nat postrouting masquerade")

    while True:
        # list WireGuard peer endpoint addresses of WireGuard VPN connection
@ -67,12 +67,12 @@ def main():

            # update existing nftable dnat rules, if the remote IP mismatches
            for item in nftables_output["nftables"]:
-                if "rule" in item and item["rule"]["family"] == "ip" and item["rule"]["table"] == "nat" and item["rule"]["chain"] == "prerouting":
+                if "rule" in item and item["rule"]["family"] == "ip" and item["rule"]["table"] == "wireguard-nat" and item["rule"]["chain"] == "prerouting":
                    handle = item["rule"]["handle"]
                    ip = item["rule"]["expr"][2]["dnat"]["addr"]
                    port = item["rule"]["expr"][1]["match"]["right"]
                    if not ip == port_ip_mapping[port]:
-                        rc, output, error = nft.cmd("replace rule nat prerouting handle {} iif {} udp dport {} dnat to {}".format(handle, interface, port, port_ip_mapping[port]))
+                        rc, output, error = nft.cmd("replace rule wireguard-nat prerouting handle {} iif {} udp dport {} dnat to {}".format(handle, interface, port, port_ip_mapping[port]))
                        if error:
                            eprint(error)
                        else:
@ -81,7 +81,7 @@ def main():

            # loop through all remaining ports and add needed dnat rules
            for port in port_ip_mapping:
-                rc, output, error = nft.cmd("add rule nat prerouting iif {} udp dport {} dnat to {}".format(interface, port, port_ip_mapping[port]))
+                rc, output, error = nft.cmd("add rule wireguard-nat prerouting iif {} udp dport {} dnat to {}".format(interface, port, port_ip_mapping[port]))
                if error:
                    print(error, file=sys.stderr)
                else: