# Sample configuration snippet for nftables service.
# Meant to be included by main.nft, not for direct use.

# Dedicated table for IPv4 source NAT (masquerading).
# The 'ip' family only sees IPv4 packets; IPv6 traffic is not
# touched by anything in this table.
table ip nftables_svc {

	# Interfaces to masquerade traffic from.
	# Matched by name, both as input and as output interface in the
	# first POSTROUTING rule. Everything forwarded in from a listed
	# interface leaves with this host's address, so list only
	# interfaces whose attached networks are meant to be hidden
	# behind the host.
	set masq_interfaces {
		type ifname
		elements = { "virbr0" }
	}

	# Networks to masquerade traffic from.
	# 'interval' flag is required to support subnets (prefixes/ranges)
	# rather than single addresses only.
	# Keep the prefixes as narrow as possible: the rule using this set
	# matches on source address alone.
	set masq_ips {
		type ipv4_addr
		flags interval
		elements = { 192.168.122.0/24 }
	}

	# Base chain to manipulate conntrack in postrouting;
	# will see packets for new or related traffic only, so rules here
	# decide the translation once per connection.
	chain POSTROUTING {
		# Priority is 20 above the standard srcnat priority, i.e. this
		# chain is evaluated after chains registered at plain 'srcnat'.
		type nat hook postrouting priority srcnat + 20
		# Packets matching no rule below leave without translation.
		policy accept

		# Masquerade packets that came in on a listed interface and
		# leave through an interface that is not in the set. Traffic
		# going back out through a listed interface is not translated
		# by this rule.
		iifname @masq_interfaces oifname != @masq_interfaces masquerade
		# Masquerade packets whose source address is in masq_ips.
		# NOTE(review): unlike the rule above there is no interface or
		# destination condition here, so matching traffic is translated
		# on whichever interface it leaves through -- confirm this is
		# intended before adding further networks to masq_ips.
		ip saddr @masq_ips masquerade
	}
}