{{ ansible_managed | comment }}

table ip nat {

    chain prerouting {
        type nat hook prerouting priority -100
        policy accept
    }

    chain snat_to_wan {
        log prefix "snat-to-wan" group 0

        ip saddr $member_priv_v4 snat $member_nat_v4 persistent
        snat $any_nat_v4 persistent
    }

    chain postrouting {
        type nat hook prerouting priority 100
        policy accept

        # oifname $wan_iface goto snat_to_wan
    }

}