This role is intended for simple port forwarding via `nftables` rules.
# {{ ansible_managed }}
#
# nftables ruleset rendered by Ansible: one `redirect` rule per entry of
# `port_mapping`, so that TCP traffic arriving on `from_port` is handed
# to a local service listening on `to_port`.
#
# Variables read by this template:
#   sce_nft_table_name   name of the inet table owned by this role
#   port_mapping         list of strings of the form "from_port:to_port"
#
# Entries of `port_mapping` are inserted verbatim into a file that nft
# parses, and nothing in this template validates them: an entry without
# exactly one ':' aborts rendering (the tuple unpacking below fails), but
# anything else, such as non-numeric ports or additional nft syntax, is
# passed to nft unchanged. Validate the entries in the role's tasks
# before templating, especially when they come from inventory or
# extra vars.
#
# Chain specification used below:
#   type nat              the chain performs address/port translation
#   hook prerouting       rules see incoming packets before routing
#   priority filter + 1   evaluated just after chains registered at the
#                         predefined `filter` priority

# Declare the table (a no-op if it already exists) and then empty it, so
# rules left by a previous run are dropped instead of being appended to;
# the chain and its rules are declared again in the block below.
# https://unix.stackexchange.com/questions/537030/nftables-flush-delete-when-changing-or-creating-new-table
table inet {{ sce_nft_table_name }}
flush table inet {{ sce_nft_table_name }}

# NAT chain on the prerouting hook; packets matching no rule are
# accepted unchanged (policy accept).
table inet {{ sce_nft_table_name }} {
chain sce_port_mapping {
type nat hook prerouting priority filter + 1;
policy accept;
# One rule per mapping. `counter` keeps per-rule packet/byte statistics
# (shown by `nft list ruleset`); `redirect` rewrites the destination to
# the local machine on to_port. No ingress interface or destination
# address is restricted here, so the redirect applies on every interface;
# add an `iifname`/`ip daddr` match if only some of them should be exposed.
{% for item in port_mapping %}
{% set from_port, to_port = item.split(':') %}
tcp dport {{ from_port }} counter redirect to :{{ to_port }}
{% endfor %}
}
}