add support for ipv6 nat

defaults/main.yml

@@ -8,6 +8,8 @@ firewall:
     output: {}
     nat_prerouting: {}
     nat_postrouting: {}
+    nat6_prerouting: {}
+    nat6_postrouting: {}
   chains:
     input:
       allow_ssh: tcp dport ssh
@@ -15,6 +17,8 @@ firewall:
     forward: {}
     nat_prerouting: {}
     nat_postrouting: {}
+    nat6_prerouting: {}
+    nat6_postrouting: {}
   policies:
     input: drop
     output: accept

templates/nftables.conf.j2

@@ -60,7 +60,7 @@ table inet filter {
 	}
 }
 
-table nat {
+table ip nat {
 # NAT
 	chain prerouting {
 		type nat hook prerouting priority -100;
@@ -74,4 +74,18 @@ table nat {
 	}
 }
 
+table ip6 nat {
+# NAT
+	chain prerouting {
+		type nat hook prerouting priority -100;
+
+{{ nftchain('nat6_prerouting') }}
+	}
+	chain postrouting {
+		type nat hook postrouting priority 100;
+
+{{ nftchain('nat6_postrouting') }}
+	}
+}
+
 include "/etc/nftables.d/*.nft"