1 files changed, 15 insertions, 0 deletions
diff --git a/src/main.rs b/src/main.rs
index 839ddf8..310477c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1038,6 +1038,21 @@ fn machine_generate_configs(
        }
        machine_nft_script.push_str("table ip oar-p2p {\n");
+        machine_nft_script.push_str(
+            r#"
+    chain prerouting {
+        type filter hook prerouting priority raw;
+        ip saddr 10.0.0.0/8 notrack
+        ip daddr 10.0.0.0/8 notrack
+    }
+    chain output {
+        type filter hook output priority raw;
+        ip saddr 10.0.0.0/8 notrack
+        ip daddr 10.0.0.0/8 notrack
+    }
+"#,
+        );
        machine_nft_script.push_str("\tmap mark_pairs {\n");
        machine_nft_script.push_str("\t\ttype ipv4_addr . ipv4_addr : mark\n");
        machine_nft_script.push_str("\t\telements = {\n");

diff --git a/src/main.rs b/src/main.rs index 839ddf8..310477c 100644 --- a/src/main.rs +++ b/src/main.rs
@@ -1038,6 +1038,21 @@ fn machine_generate_configs(
1038	}	1038	}
1039		1039
1040	machine_nft_script.push_str("table ip oar-p2p {\n");	1040	machine_nft_script.push_str("table ip oar-p2p {\n");
		1041	machine_nft_script.push_str(
		1042	r#"
		1043	chain prerouting {
		1044	type filter hook prerouting priority raw;
		1045	ip saddr 10.0.0.0/8 notrack
		1046	ip daddr 10.0.0.0/8 notrack
		1047	}
		1048	chain output {
		1049	type filter hook output priority raw;
		1050	ip saddr 10.0.0.0/8 notrack
		1051	ip daddr 10.0.0.0/8 notrack
		1052	}
		1053	"#,
		1054	);
		1055
1041	machine_nft_script.push_str("\tmap mark_pairs {\n");	1056	machine_nft_script.push_str("\tmap mark_pairs {\n");
1042	machine_nft_script.push_str("\t\ttype ipv4_addr . ipv4_addr : mark\n");	1057	machine_nft_script.push_str("\t\ttype ipv4_addr . ipv4_addr : mark\n");
1043	machine_nft_script.push_str("\t\telements = {\n");	1058	machine_nft_script.push_str("\t\telements = {\n");