Initial commit of netprep role
Change-Id: I2fb7fbaa37a70d29dee35d491c166088a3fae297
diff --git a/templates/nftables.conf.j2 b/templates/nftables.conf.j2
new file mode 100644
index 0000000..d24b47f
--- /dev/null
+++ b/templates/nftables.conf.j2
@@ -0,0 +1,32 @@
+#!/usr/sbin/nft -f
+{#
+SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+SPDX-License-Identifier: Apache-2.0
+#}
+
+flush ruleset
+
+# Primary rules
+table inet filter {
+ chain input {
+ type filter hook input priority 0;
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ }
+ chain output {
+ type filter hook output priority 0;
+ }
+}
+
+# NAT
+table ip nat {
+ chain prerouting {
+ type nat hook prerouting priority -100;
+ }
+
+ chain postrouting {
+ type nat hook postrouting priority 100;
+ oifname "{{ netprep_nat_if }}" masquerade;
+ }
+}
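Review bot: The `input` and `forward` chains in `table inet filter` declare a hook but no policy and no rules, so nftables applies its default `accept` policy and this ruleset filters nothing. On a host that masquerades out of `{{ netprep_nat_if }}`, the ruleset therefore places no restriction on which interfaces may forward through the NAT or on which local services are reachable. Consider `type filter hook input priority 0; policy drop;` with explicit allows such as `ct state established,related accept` and `iif lo accept` (plus whatever management access the role needs, so applying it does not lock the host out), and a matching `policy drop;` on `forward` that admits only the intended internal interface. The masquerade rule also has no source match, so it rewrites all traffic leaving that interface, and `flush ruleset` removes rules installed by other tools on the host; both deserve a comment in the template stating that this is intended.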