added support for nat

defaults/main.yml

@@ -6,11 +6,15 @@ firewall:
     input: {}
     forward: {}
     output: {}
+    nat_prerouting: {}
+    nat_postrouting: {}
   chains:
     input:
       allow_ssh: tcp dport ssh
     output: {}
     forward: {}
+    nat_prerouting: {}
+    nat_postrouting: {}
   policies:
     input: drop
     output: accept

templates/nftables.conf.j2

@@ -53,4 +53,18 @@ table inet filter {
 	}
 }
 
+table nat {
+# NAT
+	chain prerouting {
+		type nat hook prerouting priority -100;
+
+{{ nftchain('nat_prerouting') }}
+	}
+	chain postrouting {
+		type nat hook postrouting priority 100;
+
+{{ nftchain('nat_postrouting') }}
+	}
+}
+
 include "/etc/nftables.d/*.nft"