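#!/bin/bash
##########################################################
### bash <(curl -fsSL https://raw.lhy.life/nft-dnat.sh) --dport=1234 --dnat=192.168.1.10:4567
###
### Forwards TCP and UDP traffic arriving on --dport to the --dnat target
### (IPv4 address with an optional :port) and enables IPv4 forwarding.
###
### NOTE: the generated /etc/nftables.conf begins with "flush ruleset", so every
### rule already loaded (filtering rules included) is dropped when the service
### restarts. The previous file is kept as /etc/nftables.conf.bak and is
### overwritten on each run.
### NOTE: this runs as root; save the script to a file and read it before
### running it rather than feeding it to bash straight from the network.
##########################################################

set -euo pipefail

# Print an error to stderr and stop.
die() {
  printf 'nft-dnat: %s\n' "$*" >&2
  exit 1
}

## GetArgValue
## ./script --key=value
## Prints the value of the first --key=value argument, or the default ($2)
## when the key was not given on the command line.
g_args=("$@")
function GetArgValue() {
  local key="$1"
  local defvalue="$2"
  local arg
  # The ${arr[@]+...} form keeps "set -u" happy on older bash when no
  # arguments were passed at all.
  for arg in ${g_args[@]+"${g_args[@]}"}; do
    if [[ "$arg" == "--$key="* ]]; then
      printf '%s\n' "${arg#*=}"
      return
    fi
  done
  printf '%s\n' "$defvalue"
}

# Succeeds when $1 is a decimal port number in 1..65535 (no leading zeros).
is_port() {
  local re='^[1-9][0-9]{0,4}$'
  [[ "$1" =~ $re ]] && (( $1 <= 65535 ))
}

# Succeeds when $1 is a single port or an ascending "low-high" port range.
is_port_spec() {
  local lo="${1%%-*}" hi="${1#*-}"
  if [[ "$1" != *-* ]]; then
    is_port "$1"
    return
  fi
  is_port "$lo" && is_port "$hi" && (( lo <= hi ))
}

# Succeeds when $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  local re='^(0|[1-9][0-9]{0,2})(\.(0|[1-9][0-9]{0,2})){3}$'
  local octet
  local -a octets
  [[ "$1" =~ $re ]] || return 1
  IFS='.' read -r -a octets <<< "$1"
  for octet in "${octets[@]}"; do
    (( octet <= 255 )) || return 1
  done
}

[[ "$EUID" -eq 0 ]] || die "must be run as root"

DPORT=$(GetArgValue "dport" "1234")
DNAT=$(GetArgValue "dnat" "192.168.1.10:4567")
IFS=':' read -r DNAT_IP DNAT_PORT <<< "$DNAT"

# Both values are pasted verbatim into a ruleset that root then loads, so
# accept only the exact shapes the rules below expect. Anything else (spaces,
# braces, semicolons, newlines, ...) could add or alter rules in that file.
is_port_spec "$DPORT" || die "--dport must be a port (1-65535) or a low-high range"
is_ipv4 "$DNAT_IP" || die "--dnat must start with an IPv4 address"
if [[ -n "$DNAT_PORT" ]]; then
  is_port "$DNAT_PORT" || die "--dnat port must be in 1-65535"
fi
# "read" only saw the first line and tolerates a trailing ':'; require the
# original string to be exactly the validated parts.
[[ "$DNAT" == "$DNAT_IP${DNAT_PORT:+:$DNAT_PORT}" ]] || die "--dnat must be IP or IP:PORT"

conf=/etc/nftables.conf
tmp_conf=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$tmp_conf"' EXIT

# Build the new ruleset in a scratch file first so a bad ruleset never
# replaces the live configuration.
# The postrouting masquerade rewrites the source address of everything sent
# to the target, so the target sees this host rather than the real client.
cat <<EOF > "$tmp_conf"
#!/usr/sbin/nft -f

flush ruleset

table inet main {
    chain prerouting {
        type nat hook prerouting priority -100;
        meta l4proto { tcp, udp } th dport $DPORT dnat ip to $DNAT
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        ip daddr $DNAT_IP masquerade
    }
}
EOF

# Dry-run parse: nothing is applied, but syntax errors are caught here
# instead of leaving the host with a flushed or half-loaded ruleset.
nft -c -f "$tmp_conf" || die "generated ruleset failed validation; $conf left untouched"

# A fresh system may have no config yet; only back up what exists.
if [[ -f "$conf" ]]; then
  cp -p -- "$conf" "$conf.bak" || die "could not back up $conf"
fi
# Redirect (rather than mv) so the existing file's mode and owner are kept.
cat -- "$tmp_conf" > "$conf"

systemctl restart nftables
systemctl enable nftables
nft list ruleset

# Remove only the exact net.ipv4.ip_forward key; the unanchored pattern would
# also delete sibling keys such as net.ipv4.ip_forward_use_pmtu.
# NOTE(review): presumably removed so sysctl.conf cannot disagree with the
# drop-in file written below - confirm.
if [[ -f /etc/sysctl.conf ]]; then
  sed -i '/^net\.ipv4\.ip_forward[[:space:]]*=/d' /etc/sysctl.conf
fi
printf '%s\n' "net.ipv4.ip_forward = 1" > /etc/sysctl.d/90-fwd.conf
sysctl -p /etc/sysctl.d/90-fwd.conf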