Port mirroring via nftables
In this task I need to mirror incoming UDP packets from eth1 to port 2055 on localhost. I will use nftables to do it.
For this, I make a mirror rule in the prerouting chain. In my case, I already have a service running on port 2055, so I will change the destination port to 12055 and the destination IP to 127.0.0.1.
table ip mangle {
    chain output {
        type filter hook output priority mangle; policy accept;
        # Rewrite the marked copy leaving via lo: destination 127.0.0.1, UDP port 12055.
        oifname "lo" meta mark 2055 counter ip daddr set 127.0.0.1 udp dport set 12055;
    }
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        # Mark UDP packets for port 2055 arriving on eth1 and duplicate them to lo.
        iifname "eth1" udp dport 2055 counter mark set 2055 dup to 127.0.0.1 device lo;
    }
}