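#!/bin/bash
#
# Masquerade (source-NAT) DNS traffic that is routed through this host.
#
# Creates the nftables table "dnsfwd" (family ip) with a nat prerouting and a
# nat postrouting chain, masquerades TCP and UDP port 53 in postrouting, and
# then switches on IPv4 forwarding. Needs root and the nft binary.
#
# Review notes:
#   - /proc/sys/net/ipv4/ip_forward is a host-wide switch. Once it is 1 this
#     machine routes every forwarded packet, not only DNS. This script adds no
#     filter/forward chain, so forwarding has to be restricted elsewhere if
#     the host must not become a general-purpose router.
#   - Masquerading rewrites the client source address, so the resolver that
#     finally receives the query sees only this host. Keep query or flow logs
#     here if per-client attribution is needed later.
#   - The original also issued "masquerade" rules in the prerouting chain.
#     nft accepts masquerade only in a nat postrouting chain, so those two
#     commands could never load and are left out. If the intent was to steer
#     queries to one resolver, that takes a "dnat to <RESOLVER_ADDR>" rule in
#     prerouting; the address is not given in this script.

set -euo pipefail

readonly TABLE='dnsfwd'
readonly DNS_PORT=53

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

(( EUID == 0 )) || die "must be run as root"
command -v nft >/dev/null || die "nft not found in PATH"

# One nft transaction: either the whole ruleset loads or none of it does.
# "flush table" empties the chains first so a re-run does not stack
# duplicate rules ("add rule" always appends).
nft -f - <<EOF
add table ip ${TABLE}
flush table ip ${TABLE}
add chain ip ${TABLE} prerouting { type nat hook prerouting priority 0; }
add chain ip ${TABLE} postrouting { type nat hook postrouting priority 0; }
add rule ip ${TABLE} postrouting tcp dport ${DNS_PORT} masquerade
add rule ip ${TABLE} postrouting udp dport ${DNS_PORT} masquerade
add rule ip ${TABLE} prerouting ct state established,related accept
add rule ip ${TABLE} postrouting ct state established,related accept
EOF
# NOTE(review): the two "ct state established,related accept" rules are kept
# from the original; nat chains normally see only the first packet of a
# connection, so they are presumably no-ops. Confirm before relying on them.

# Enable routing only after the NAT rules are in place, so no forwarded packet
# leaves un-NATed in between.
printf '1\n' > /proc/sys/net/ipv4/ip_forward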