From 25299fc6e98d9367089b9788df694f44b1cbbe0b Mon Sep 17 00:00:00 2001
From: celso
Date: Thu, 2 Apr 2026 19:04:24 -0300
Subject: [PATCH] added HLS, added iperf to udp, added argent and its NAT rule
---
 defines.nft | 6 ++++--
 filter.nft | 7 ++++---
 nat.nft | 1 +
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/defines.nft b/defines.nft
index e571154..8f47c91 100644
--- a/defines.nft
+++ b/defines.nft
@@ -9,18 +9,20 @@ define HTTPS_PORT = 443
 define RPCBIND_PORT = 111
 define NFS_PORT = 2049
 define MOUNTD_PORT = 32767
+define HLS_PORT = 1935
 define SYNCPLAY_PORT = 60000
 define TERRARIA_PORT = 7777
 define MAINPAGE_PORT = 3000
 define NEXTCLOUD_PORT = 3001
 define GITEA_PORT = 3002
-define IPERF_PORT = 5201
-define MARIADB_PORT = 3096
+define MARIADB_PORT = 3306
+define ARGENT_PORT = 53306
 define POSTGRESQL_PORT = 5432
 
 # TCP and UDP services (needs to go in both sets)
 define DNS_PORT = 53
 define OPENTTD_PORT = 3979
+define IPERF_PORT = 5201
 
 # UDP only services
 define DHCP_IN_PORT = 67
diff --git a/filter.nft b/filter.nft
index 963ca80..9d6ad22 100644
--- a/filter.nft
+++ b/filter.nft
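Review bot: The new define is named `ARGENT_PORT`, but the rule added in nat.nft matches on `$ARGENT_EXTERNAL_PORT`, which this patch does not define. Unless that name already exists outside the visible hunks, nft should reject the ruleset on an undefined variable, and a failed load at boot may leave the host without its filter rules. filter.nft uses `$ARGENT_PORT`, so the smaller fix is to change the nat.nft rule to `tcp dport $ARGENT_PORT redirect to $MARIADB_PORT;`. A comment above the define, `# external port redirected to MARIADB_PORT in nat.nft`, would also make clear that this is an alias for the database rather than a separate service.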
@@ -10,18 +10,19 @@ table ip filter { elements = { $SSH_PORT1, $SSH_PORT2, $DNS_PORT, $HTTP_PORT, $HTTPS_PORT, $SYNCPLAY_PORT, $TERRARIA_PORT, $OPENTTD_PORT, $MAINPAGE_PORT, $NEXTCLOUD_PORT, $GITEA_PORT, - $POSTGRESQL_PORT, $RPCBIND_PORT, $MOUNTD_PORT, $NFS_PORT, $MARIADB_PORT, $IPERF_PORT + $POSTGRESQL_PORT, $RPCBIND_PORT, $MOUNTD_PORT, $NFS_PORT, $MARIADB_PORT, + $HLS_PORT, $IPERF_PORT, $ARGENT_PORT }; } set allowed_udp_ports_in { type inet_service; flags constant; - elements = { $DNS_PORT, $DHCP_IN_PORT, $OPENVPN_PORT, $FACTORIO_PORT, $OPENTTD_PORT, $CSTRIKE_PORT, $SNMP_POLL_PORT, $SNMP_TRAP_PORT }; + elements = { $DNS_PORT, $DHCP_IN_PORT, $OPENVPN_PORT, $FACTORIO_PORT, $OPENTTD_PORT, $CSTRIKE_PORT, $SNMP_POLL_PORT, $SNMP_TRAP_PORT, $IPERF_PORT }; } set allowed_udp_ports_out { type inet_service; flags constant; - elements = { $DNS_PORT, $DHCP_OUT_PORT, $SNMP_POLL_PORT }; + elements = { $DNS_PORT, $DHCP_OUT_PORT, $SNMP_POLL_PORT, $IPERF_PORT }; } set ipv4_geo_blacklist {
diff --git a/nat.nft b/nat.nft
index d3b28b5..ee7af96 100644
--- a/nat.nft
+++ b/nat.nft
@@ -2,6 +2,7 @@ table nat {
 chain prerouting {
 type nat hook prerouting priority 0;
 comment "this is necessary even if empty";
+ tcp dport $ARGENT_EXTERNAL_PORT redirect to $MARIADB_PORT;
 }
 
 chain postrouting {
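Review bot: `$ARGENT_PORT` in `allowed_tcp_ports_in` probably has no effect, while `$MARIADB_PORT` in the same set is what actually exposes the database. The redirect added in nat.nft rewrites the destination port in prerouting, so if this set is consulted from an input-hook chain (the rule that uses it is outside the hunk) the packet is seen with dport 3306, not 53306. Together with the 3096 → 3306 correction in defines.nft, MariaDB becomes reachable directly on its standard port from any source the chain admits. If only the external port is meant to be reachable, drop `$ARGENT_PORT` and `$MARIADB_PORT` from the set and accept 3306 only for redirected connections, for example `tcp dport $MARIADB_PORT ct status dnat accept` (verify against the running nft version).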
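Review bot: The redirect in `chain prerouting` has no source match and no comment, so every remote address that reaches the external port is handed to the MariaDB listener, and the file does not say why the rule exists. If the clients come from known addresses, scope the rule with a source match, e.g. `ip saddr @<TRUSTED_CLIENTS_SET> tcp dport $ARGENT_EXTERNAL_PORT redirect to $MARIADB_PORT;` (the set name is a placeholder). A trailing `comment "external alias for MariaDB"` on the rule would record its purpose. A non-standard external port does not protect the database by itself, so MariaDB should also require TLS and restrict account hosts. The rest of `table nat` lies outside the hunk.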