ansible/roles/nftables_router/templates/nftables.d/60-nat.conf.j2

{{ ansible_managed | comment }}

table ip nat {

    chain prerouting {
        type nat hook prerouting priority -100
        policy accept
    }

    chain snat_to_wan {
        log prefix "snat-to-wan" group 0

        ip saddr $member_priv_v4 snat $member_nat_v4 persistent
        snat $any_nat_v4 persistent
    }

    chain postrouting {
        type nat hook postrouting priority 100
        policy accept

        oifname $wan_iface goto snat_to_wan
    }

}
Create role for nftables router 2021-03-10 03:16:51 +01:00			`{{ ansible_managed \| comment }}`

			`table ip nat {`

			`chain prerouting {`
			`type nat hook prerouting priority -100`
			`policy accept`
			`}`

			`chain snat_to_wan {`
			`log prefix "snat-to-wan" group 0`

			`ip saddr $member_priv_v4 snat $member_nat_v4 persistent`
			`snat $any_nat_v4 persistent`
			`}`

			`chain postrouting {`
Typo 'prerouting' v. 'postrouting' 2021-03-10 04:08:10 +01:00			`type nat hook postrouting priority 100`
Create role for nftables router 2021-03-10 03:16:51 +01:00			`policy accept`

Typo 'prerouting' v. 'postrouting' 2021-03-10 04:08:10 +01:00			`oifname $wan_iface goto snat_to_wan`
Create role for nftables router 2021-03-10 03:16:51 +01:00			`}`

			`}`