#!/bin/sh for host in outbound1.letsencrypt.org outbound2.letsencrypt.org; do for port in 80 443; do dest=$((port+8000)) iptables --table nat --append PREROUTING --protocol tcp \ --source $host --dport $port --jump REDIRECT --to-ports $dest done done iptables --table filter --append INPUT --protocol tcp \ --match multiport --dports 8080,8443 --jump ACCEPT