From ce276d5b22f57e1a878496e1eb85bade20d44a20 Mon Sep 17 00:00:00 2001
From: nd
Date: Sun, 2 Aug 2020 20:28:53 +0200
Subject: [PATCH] added support for nat
---
 defaults/main.yml | 4 ++++
 templates/nftables.conf.j2 | 14 ++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/defaults/main.yml b/defaults/main.yml
index 6fe4b5d..bc0290f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,11 +6,15 @@ firewall:
 input: {}
 forward: {}
 output: {}
+ nat_prerouting: {}
+ nat_postrouting: {}
 chains:
 input:
 allow_ssh: tcp dport ssh
 output: {}
 forward: {}
+ nat_prerouting: {}
+ nat_postrouting: {}
 policies:
 input: drop
 output: accept
diff --git a/templates/nftables.conf.j2 b/templates/nftables.conf.j2
index a35f961..5f93349 100644
--- a/templates/nftables.conf.j2
+++ b/templates/nftables.conf.j2
@@ -53,4 +53,18 @@ table inet filter {
 }
 }
 
+table nat {
+# NAT
+ chain prerouting {
+ type nat hook prerouting priority -100;
+
+{{ nftchain('nat_prerouting') }}
+ }
+ chain postrouting {
+ type nat hook postrouting priority 100;
+
+{{ nftchain('nat_postrouting') }}
+ }
+}
+
 include "/etc/nftables.d/*.nft"
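Review bot: `policies:` is the only mapping in this hunk that does not receive the new `nat_prerouting` / `nat_postrouting` keys, while the top-level rule mapping and `chains:` both do; if the `nftchain` macro looks up a policy by chain name the NAT chains would hit an undefined key, and if NAT chains are meant to have no policy that asymmetry should be stated. Either add explicit entries so the shape stays uniform, or put a comment above `policies:` such as `# nat chains carry no policy; only input/forward/output are listed here`. The `firewall:` mapping starts before the hunk, so any other per-chain maps it contains are not visible here.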
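Review bot: `table nat {` declares the table without an address family, so nftables treats it as `ip` and the two NAT hooks only ever see IPv4, whereas the `table inet filter` above applies to both IPv4 and IPv6; if that is intentional, say so in the `# NAT` comment, otherwise write `table ip nat {` explicitly and add the IPv6 counterpart (a separate `ip6 nat` table, or `inet nat` where the kernel supports it) so the scope is visible to whoever edits the rules. The table is also rendered unconditionally, so with the empty defaults every host still registers two NAT hooks it does not use; wrapping the block in a Jinja condition on `firewall.chains.nat_prerouting or firewall.chains.nat_postrouting` (the exact variable path is outside the hunk and should be checked against the macro) would keep hosts without NAT rules unchanged. The `# NAT` comment sits at column 0 inside the table body; indent it with the chains or move it above `table nat {`.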