esemeniuc · March 17, 2023 01:54
diff --git a/duplicate_packets.nft b/duplicate_packets.nft
 #!/usr/sbin/nft -f

 # see https://unix.stackexchange.com/questions/740061/how-do-you-duplicate-all-udp-traffic-on-a-port-range-using-nftables/

 # sends all duplicated packets to 10.0.0.1
 # run this before applying this file
 # sudo ip addr add 10.0.0.1/24 dev lo

 # clean up with
 # sudo ip addr delete 10.0.0.1/24 dev lo
 # nft flush ruleset

 flush ruleset

 table ip mangle {
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        iifname != lo udp dport 8000-8100 dup to 10.0.0.1 device lo notrack
    }

 	chain input {
 		type filter hook input priority mangle; policy accept;
        iifname lo udp dport 8000-8100 ip daddr set 10.0.0.1 notrack
 	}
 }
	#!/usr/sbin/nft -f

	# see https://unix.stackexchange.com/questions/740061/how-do-you-duplicate-all-udp-traffic-on-a-port-range-using-nftables/

	# sends all duplicated packets to 10.0.0.1
	# run this before applying this file
	# sudo ip addr add 10.0.0.1/24 dev lo

	# clean up with
	# sudo ip addr delete 10.0.0.1/24 dev lo
	# nft flush ruleset

	flush ruleset

	table ip mangle {
	chain prerouting {
	type filter hook prerouting priority mangle; policy accept;
	iifname != lo udp dport 8000-8100 dup to 10.0.0.1 device lo notrack
	}

	chain input {
	type filter hook input priority mangle; policy accept;
	iifname lo udp dport 8000-8100 ip daddr set 10.0.0.1 notrack
	}
	}