Untitled

table ip filter {
	chain input {
		type filter hook input priority filter; policy drop;
		ct state { established, related } accept
		ct state invalid drop
		iifname "lo" accept
		iifname "intern0" accept
		ip protocol icmp accept
		tcp dport 22 accept
		reject
	}

	chain forward {
		type filter hook forward priority filter; policy accept;
	}

	chain output {
		type filter hook output priority filter; policy accept;
	}
}
table ip nat {
	chain prerouting {
		type nat hook prerouting priority filter; policy accept;
		iif "extern0" tcp dport 49153-49155 dnat to 192.168.1.2
		iif "extern0" tcp dport 2222 dnat to 192.168.1.2:22
		iif "extern0" tcp dport 32400 dnat to 192.168.1.2
		iif "extern0" tcp dport 80 dnat to 192.168.1.2
		iif "extern0" tcp dport 443 dnat to 192.168.1.2
		iif "extern0" tcp dport 8096 dnat to 192.168.1.2
		iif "extern0" udp dport 6881-6883 dnat to 192.168.1.2
		ip daddr 8.8.8.8 dnat to 192.168.1.1
		ip daddr 8.8.4.4 dnat to 192.168.1.1
	}

	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		masquerade
	}
}
table ip6 filter {
	chain input {
		type filter hook input priority filter; policy drop;
		ct state { established, related } accept
		ct state invalid drop
		iifname "lo" accept
		iifname "intern0" accept
	}

	chain forward {
		type filter hook forward priority filter; policy drop;
		ct state { established, related } accept
		ct state invalid drop
		iifname "lo" accept
		iifname "intern0" accept
	}

	chain output {
		type filter hook output priority filter; policy accept;
	}
}
table ip mangle {
	chain prerouting {
		type filter hook prerouting priority raw; policy accept;
		ip saddr 192.168.1.2 tcp sport 6881-6883 ip dscp set cs1
		ip saddr 192.168.1.2 udp sport 6881-6883 ip dscp set cs1
		ip saddr 192.168.1.2 tcp sport 49153-49155 ip dscp set cs1
		ip saddr 192.168.1.2 udp sport 49153-49155 ip dscp set cs1
	}
}