From 12116390acb3b924393fca6ed45101f305b4d35c Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Thu, 4 Jul 2019 12:22:45 +0200
Subject: files: Add inet family nat config
Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
 files/nftables/Makefile.am | 1 +
 files/nftables/all-in-one.nft | 1 +
 files/nftables/inet-nat.nft | 8 ++++++++
 3 files changed, 10 insertions(+)
 create mode 100755 files/nftables/inet-nat.nft
(limited to 'files')
diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
index a93b7978..2a511cd1 100644
--- a/files/nftables/Makefile.am
+++ b/files/nftables/Makefile.am
@@ -3,6 +3,7 @@ dist_pkgsysconf_DATA = all-in-one.nft \
 arp-filter.nft \
 bridge-filter.nft \
 inet-filter.nft \
+ inet-nat.nft \
 ipv4-filter.nft \
 ipv4-mangle.nft \
 ipv4-nat.nft \
diff --git a/files/nftables/all-in-one.nft b/files/nftables/all-in-one.nft
index 4ccc0432..d3aa7f37 100755
--- a/files/nftables/all-in-one.nft
+++ b/files/nftables/all-in-one.nft
@@ -13,6 +13,7 @@ flush ruleset
 # native dual stack IPv4 & IPv6 family
 include "./inet-filter.nft"
+include "./inet-nat.nft"
 # netdev family at ingress hook. Attached to a given NIC
 include "./netdev-ingress.nft"
diff --git a/files/nftables/inet-nat.nft b/files/nftables/inet-nat.nft
new file mode 100755
index 00000000..52fcdb54
--- /dev/null
+++ b/files/nftables/inet-nat.nft
@@ -0,0 +1,8 @@
+#!@sbindir@nft -f
+
+table inet nat {
+ chain prerouting { type nat hook prerouting priority -100; }
+ chain input { type nat hook input priority 100; }
+ chain output { type nat hook output priority -100; }
+ chain postrouting { type nat hook postrouting priority 100; }
+}
-- 
cgit v1.2.3
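Review bot: The added `include "./inet-nat.nft"` in files/nftables/all-in-one.nft makes loading the whole example depend on kernel support for NAT chains in the inet family, which older kernels lack (I believe it arrived in Linux 5.2). `nft -f` applies a file as a single transaction, so on such a kernel the filter tables included here would not load either, and a host that uses this file as its boot ruleset would keep whatever ruleset it had before, possibly none. A comment above the include would make the dependency visible, for example `# inet nat needs a kernel with inet-family NAT support; remove this include on older kernels`. Most of all-in-one.nft lies outside the hunk, so which other nat files it includes cannot be checked from here.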
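Review bot: The new files/nftables/inet-nat.nft has no header comment saying that its four chains are empty skeletons with no explicit policy, so they accept everything and translate nothing until rules are added. A line such as `# Skeleton NAT table for the inet (IPv4 + IPv6) family; chains are empty and default to accept` would say so, and a second could note that the priorities -100 and 100 are the conventional destination-NAT and source-NAT values. It is also worth stating that when this table is loaded next to a per-family one (ipv4-nat.nft appears in the Makefile.am list), a packet passes the nat chains of both tables at the same hook. Only the first NAT mapping set for a connection takes effect, so translation rules should be kept in one table.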