How to add NAT iptables rules with CSF

What is CSF

Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions.

How to add NAT iptables rules with CSF Firewall

We can add custom NAT iptables rules in /etc/csf/csfpre.sh OR/AND /etc/csf/csfpost.sh
0. Create csfpre.sh or csfpost.sh

touch /etc/csf/csfpre.sh /etc/csf/csfpost.sh

1. Change permission to make the script executable

chmod +x /etc/csf/csfpre.sh /etc/csf/csfpost.sh
chmod +t /etc/csf/csfpre.sh /etc/csf/csfpost.sh

2. Add NAT iptables rules

vim /etc/csf/csfpre.sh

add iptables rules like this:

iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 1.2.3.4:80
iptables -t nat -A POSTROUTING -p tcp -d 1.2.3.4 --dport 80 -j SNAT --to-source 4.3.2.1

3. Restart csf and check the result

csf -r
iptables -t nat -L

Ref

+ Google
+ TecAdmin