paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated nftables state
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Paul 2024-09-25 20:57:47 +02:00
parent 7bc009d797
commit 717a13334d
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
states/nftables/templates/rules.nft.j2
View File

@ -39,8 +39,8 @@ add chain ip nat OUTPUT { type nat hook output priority -100; policy accept; }
add chain ip nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }
add chain ip nat DOCKER
### Main NAT rules
{%- for network in net.nats %}
### IPv4 NAT rules
{%- for network in net.nat4 %}
add rule ip nat POSTROUTING ip saddr {{ network }} counter masquerade
{%- endfor %}
@ -77,4 +77,16 @@ add rule ip6 filter6 INPUT counter log
{%- endif %}
#add rule ip6 filter6 INPUT counter log reject
## IPv6 NAT
add table ip6 nat6
add chain ip6 nat6 PREROUTING { type nat hook prerouting priority dstnat; policy accept; }
add chain ip6 nat6 INPUT { type nat hook input priority 1; policy accept; }
add chain ip6 nat6 OUTPUT { type nat hook output priority -100; policy accept; }
add chain ip6 nat6 POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }
### IPv6 NAT rules
{%- for network in net.nat6 %}
add rule ip6 nat6 POSTROUTING ip6 saddr {{ network }} counter masquerade
{%- endfor %}
## Endline is mandatory