# Sample configuration snippet for nftables service.
# Meant to be included by main.nft, not for direct use.
# dedicated table for IPv4
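table ip nftables_svc {
	# This table contains only the source-NAT chain below: it rewrites source
	# addresses and filters nothing. It is family 'ip', so IPv6 packets never
	# traverse it.

	# interfaces to masquerade traffic from
	# (compared by name through iifname/oifname in the chain below)
	set masq_interfaces {
		type ifname
		elements = { "virbr0" }
	}

	# networks to masquerade traffic from
	# 'interval' flag is required to support subnets
	set masq_ips {
		type ipv4_addr
		flags interval
		elements = { 192.168.122.0/24 }
	}

	# base-chain to manipulate conntrack in postrouting,
	# will see packets for new or related traffic only
	chain POSTROUTING {
		# 'srcnat + 20' registers this chain later than chains that use the
		# plain srcnat priority on the same hook.
		type nat hook postrouting priority srcnat + 20
		# Packets matching no rule below leave with their source address
		# untouched; whether they may be forwarded at all is decided outside
		# this table.
		policy accept

		# Traffic that entered through a listed interface and leaves through
		# an interface that is NOT listed gets the outgoing interface's
		# address as its source. Traffic staying on listed interfaces is
		# left alone by this rule.
		# NOTE(review): masquerade is used without port flags (random,
		# fully-random) -- decide whether source-port randomisation is wanted
		# for forwarded connections.
		iifname @masq_interfaces oifname != @masq_interfaces masquerade
		# Any packet whose source address falls in masq_ips is masqueraded.
		# NOTE(review): unlike the rule above there is no oifname condition,
		# so this applies on every outgoing interface, including those in
		# @masq_interfaces -- confirm that is intended before adding wider
		# subnets to masq_ips.
		ip saddr @masq_ips masquerade
	}
}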