Initial commit.
30
nftables/nat.nft
Normal file
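--- /dev/null
+++ b/nftables/nat.nft
@@ -0,0 +1,30 @@
+# Sample configuration snippet for nftables service.
+# Meant to be included by main.nft, not for direct use.
+
+# dedicated table for IPv4
+table ip nftables_svc {
+
+# interfaces to masquerade traffic from
+set masq_interfaces {
+type ifname
+elements = { "virbr0" }
+}
+
+# networks to masquerade traffic from
+# 'interval' flag is required to support subnets
+set masq_ips {
+type ipv4_addr
+flags interval
+elements = { 192.168.122.0/24 }
+}
+
+# base-chain to manipulate conntrack in postrouting,
+# will see packets for new or related traffic only
+chain POSTROUTING {
+type nat hook postrouting priority srcnat + 20
+policy accept
+
+iifname @masq_interfaces oifname != @masq_interfaces masquerade
+ip saddr @masq_ips masquerade
+}
+}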
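Review bot: The second rule in POSTROUTING, `ip saddr @masq_ips masquerade`, keys only on the source address and has no `oifname` or `ip daddr` guard, so it also rewrites packets from 192.168.122.0/24 that are destined for that same network or for broadcast/multicast, and (presumably) anything the host forwards from that subnet out of virbr0 itself onto another internal interface. The first rule is careful to require `oifname != @masq_interfaces`, and libvirt's own NAT for virbr0 exempts the subnet, 255.255.255.255 and 224.0.0.0/24 for the same reason; without that, guest-to-guest and local broadcast traffic can be rewritten to the host's address and the original guest source hidden. I would replace the line with `ip saddr @masq_ips ip daddr { 224.0.0.0/4, 255.255.255.255 } return` followed by `ip saddr @masq_ips ip daddr != @masq_ips masquerade`. The chain comment on "manipulate conntrack" could also say what actually happens, e.g. `# base-chain for source NAT; nat hooks only see the first packet of a new (or related) flow`.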