Tree - rpms/nftables - CentOS Git server

Blob History Raw

		3730f4	`# Sample configuration snippet for nftables service.`
		3730f4	`# Meant to be included by main.nft, not for direct use.`
		3730f4
		3730f4	`# dedicated table for IPv4`
		3730f4	`table ip nftables_svc {`
		3730f4
		3730f4	`# interfaces to masquerade traffic from`
		3730f4	`set masq_interfaces {`
		3730f4	`type ifname`
		3730f4	`elements = { "virbr0" }`
		3730f4	`}`
		3730f4
		3730f4	`# networks to masquerade traffic from`
		3730f4	`# 'interval' flag is required to support subnets`
		3730f4	`set masq_ips {`
		3730f4	`type ipv4_addr`
		3730f4	`flags interval`
		3730f4	`elements = { 192.168.122.0/24 }`
		3730f4	`}`
		3730f4
		3730f4	`# base-chain to manipulate conntrack in postrouting,`
		3730f4	`# will see packets for new or related traffic only`
		3730f4	`chain POSTROUTING {`
		3730f4	`type nat hook postrouting priority srcnat + 20`
		3730f4	`policy accept`
		3730f4
		3730f4	`iifname @masq_interfaces oifname != @masq_interfaces masquerade`
		3730f4	`ip saddr @masq_ips masquerade`
		3730f4	`}`
		3730f4	`}`