Subversion Repositories configs

Rev

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
192 - 1 
# Sample configuration snippet for nftables service.
2 
# Meant to be included by main.nft, not for direct use.
3 
 
4 
# dedicated table for IPv4
5 
table ip nftables_svc {
6 
 
7 
	# interfaces to masquerade traffic from
8 
	set masq_interfaces {
9 
		type ifname
10 
		elements = { "virbr0" }
11 
	}
12 
 
13 
	# networks to masquerade traffic from
14 
	# 'interval' flag is required to support subnets
15 
	set masq_ips {
16 
		type ipv4_addr
17 
		flags interval
18 
		elements = { 192.168.122.0/24 }
19 
	}
20 
 
21 
	# base-chain to manipulate conntrack in postrouting,
22 
	# will see packets for new or related traffic only
23 
	chain POSTROUTING {
24 
		type nat hook postrouting priority srcnat + 20
25 
		policy accept
26 
 
27 
		iifname @masq_interfaces oifname != @masq_interfaces masquerade
28 
		ip saddr @masq_ips masquerade
29 
	}
30 
}