
# Sample configuration snippet for nftables service.
# Meant to be included by main.nft, not for direct use.

# dedicated table for IPv4
# Source-NAT (masquerade) table for IPv4 only. It contains a single nat
# chain and no filter chain: masquerading rewrites source addresses but
# does not decide which traffic may be forwarded. Forward filtering has to
# come from the including ruleset (not visible in this snippet).
table ip nftables_svc {

        # interfaces to masquerade traffic from
        # 'ifname' elements are matched by name, so an interface listed here
        # does not have to exist when the ruleset is loaded.
        set masq_interfaces {
                type ifname
                elements = { "virbr0" }
        }

        # networks to masquerade traffic from
        # 'interval' flag is required to support subnets
        set masq_ips {
                type ipv4_addr
                flags interval
                elements = { 192.168.122.0/24 }
        }

        # base-chain to manipulate conntrack in postrouting,
        # will see packets for new or related traffic only
        chain POSTROUTING {
                # 'srcnat' is the standard source-NAT priority (100), so this
                # chain registers at 120 and is evaluated after chains hooked
                # at plain 'srcnat'.
                # NOTE(review): presumably chosen so NAT rules from other
                # tables take precedence - confirm.
                type nat hook postrouting priority srcnat + 20
                # 'accept' only means "no NAT applied by this chain" for
                # packets that match neither rule; it is not a filter decision.
                policy accept

                # Traffic that entered on a listed interface and leaves on an
                # interface outside the set gets the address of the outgoing
                # interface as its source. Traffic that stays on the listed
                # interfaces is left untouched.
                iifname @masq_interfaces oifname != @masq_interfaces masquerade
                # Matches on source address alone, with no interface condition:
                # any packet reaching postrouting with a source in masq_ips is
                # masqueraded, whichever interface it arrived on or leaves by.
                # NOTE(review): if that is broader than intended, add an
                # 'oifname != @masq_interfaces' condition as in the rule above,
                # and rely on reverse-path filtering or an ingress rule so that
                # only the expected interfaces can source these addresses.
                ip saddr @masq_ips masquerade
        }
}