ansible/roles/nftables_router/templates/nftables.d/60-nat.conf.j2

{{ ansible_managed | comment }}
# IPv4 source NAT for traffic leaving through the WAN interface.
# $members_v4, $members_nat_v4, $any_nat_v4 and $wan_iface are nft variables
# that this file does not define; presumably another nftables.d fragment
# loaded earlier provides them -- confirm.
table ip nat {
    # Holds no rules, so every packet is accepted untouched.
    # NOTE(review): presumably kept only to register the prerouting NAT hook
    # (older kernels wanted both NAT hooks present) -- confirm before removing.
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
    }

    # Regular chain (no hook of its own); reached only through the goto in
    # the postrouting chain below.
    chain snat_to_wan {
        # Runs before either snat rule, so the record carries the original
        # (pre-NAT) source address. nat chains see only the first packet of a
        # connection, so this is one record per new flow, with no rate limit.
        # "group 0" sends records to nfnetlink_log rather than the kernel log;
        # without a userspace listener on that group nothing is recorded.
        log prefix "snat-to-wan" group 0

        # Sources matching $members_v4 are rewritten to $members_nat_v4.
        ip saddr $members_v4 snat $members_nat_v4 persistent

        # Catch-all: every other source address leaving via WAN is rewritten
        # to $any_nat_v4. Nothing in this table restricts which sources may
        # reach this rule; that has to be enforced by the forward filter,
        # which is not part of this file.
        snat $any_nat_v4 persistent
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # Only traffic whose output interface is $wan_iface is NATed; goto
        # (unlike jump) does not return here afterwards.
        oifname $wan_iface goto snat_to_wan
    }
}