updated nftables state

states/nftables/templates/rules.nft.j2

@@ -39,8 +39,8 @@ add chain ip nat OUTPUT { type nat hook output priority -100; policy accept; }
 add chain ip nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }
 add chain ip nat DOCKER
 
-### Main NAT rules
+### IPv4 NAT rules
-{%- for network in net.nats %}
+{%- for network in net.nat4 %}
 add rule ip nat POSTROUTING ip saddr {{ network }} counter masquerade
 {%- endfor %}
 
@@ -77,4 +77,16 @@ add rule ip6 filter6 INPUT counter log
 {%- endif %}
 #add rule ip6 filter6 INPUT counter log reject
 
+## IPv6 NAT
+add table ip6 nat6
+add chain ip6 nat6 PREROUTING { type nat hook prerouting priority dstnat; policy accept; }
+add chain ip6 nat6 INPUT { type nat hook input priority 1; policy accept; }
+add chain ip6 nat6 OUTPUT { type nat hook output priority -100; policy accept; }
+add chain ip6 nat6 POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }
+
+### IPv6 NAT rules
+{%- for network in net.nat6 %}
+add rule ip6 nat6 POSTROUTING ip6 saddr {{ network }} counter masquerade
+{%- endfor %}
+
 ## Endline is mandatory