| Zack Williams | e695dea | 2020-11-19 17:17:40 -0700 | [diff] [blame^] | 1 | #!/usr/sbin/nft -f |
| 2 | {# |
| 3 | SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org> |
| 4 | SPDX-License-Identifier: Apache-2.0 |
| 5 | #} |
| 6 | |
| 7 | flush ruleset |
| 8 | |
| 9 | # Primary rules |
| 10 | table inet filter { |
| 11 | chain input { |
| 12 | type filter hook input priority 0; |
| 13 | } |
| 14 | chain forward { |
| 15 | type filter hook forward priority 0; |
| 16 | } |
| 17 | chain output { |
| 18 | type filter hook output priority 0; |
| 19 | } |
| 20 | } |
| 21 | |
| 22 | # NAT |
| 23 | table ip nat { |
| 24 | chain prerouting { |
| 25 | type nat hook prerouting priority -100; |
| 26 | } |
| 27 | |
| 28 | chain postrouting { |
| 29 | type nat hook postrouting priority 100; |
| 30 | oifname "{{ netprep_nat_if }}" masquerade; |
| 31 | } |
| 32 | } |