What is CSF
Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions.
How to add NAT iptables rules with CSF Firewall
We can add custom NAT iptables rules in /etc/csf/csfpre.sh OR/AND /etc/csf/csfpost.sh
0. Create csfpre.sh or csfpost.sh
touch /etc/csf/csfpre.sh /etc/csf/csfpost.sh
1. Change permission to make the script executable
chmod +x /etc/csf/csfpre.sh /etc/csf/csfpost.sh chmod +t /etc/csf/csfpre.sh /etc/csf/csfpost.sh
2. Add NAT iptables rules
vim /etc/csf/csfpre.sh
add iptables rules like this:
iptables -t nat -F iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 1.2.3.4:80 iptables -t nat -A POSTROUTING -p tcp -d 1.2.3.4 --dport 80 -j SNAT --to-source 4.3.2.1
3. Restart csf and check the result
csf -r iptables -t nat -L
