Gitiles
Code Review Sign In
gerrit.opencord.org / ansible / role / netprep / 021d7a96e1bd297dc718d766d02afa04b595355b / . / templates / nftables.conf.j2
blob: 95c14399c9e475f56952331b91730c88db4cf123 [file] [log] [blame]
Zack Williamse695dea2020-11-19 17:17:40 -0700[diff] [blame]1#!/usr/sbin/nft -f
2{#
3SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
4SPDX-License-Identifier: Apache-2.0
5#}
6
7flush ruleset
8
9# Primary rules
10table inet filter {
Zack Williams71e48922020-12-09 13:23:54 -0700[diff] [blame]11 chain input {
12 type filter hook input priority 0;
13 }
14 chain forward {
15 type filter hook forward priority 0;
16 }
17 chain output {
18 type filter hook output priority 0;
19 }
Zack Williamse695dea2020-11-19 17:17:40 -0700[diff] [blame]20}
21
22# NAT
23table ip nat {
Zack Williams71e48922020-12-09 13:23:54 -0700[diff] [blame]24 chain prerouting {
25 type nat hook prerouting priority -100;
26 }
Zack Williamse695dea2020-11-19 17:17:40 -0700[diff] [blame]27
Zack Williams71e48922020-12-09 13:23:54 -0700[diff] [blame]28 chain postrouting {
29 type nat hook postrouting priority 100;
30 oifname "{{ netprep_nat_if }}" masquerade;
31{% if netprep_nftables_nat_postrouting %}
32{{ netprep_nftables_nat_postrouting | indent(width=4) }}
33{% endif %}
34 }
Zack Williamse695dea2020-11-19 17:17:40 -0700[diff] [blame]35}