# Sample configuration snippet for nftables service.

# Meant to be included by main.nft, not for direct use.

# dedicated table for IPv4

table ip nftables_svc {

	# interfaces to masquerade traffic from

	set masq_interfaces {

		type ifname

		elements = { "virbr0" }

	}

	# networks to masquerade traffic from

	# 'interval' flag is required to support subnets

	set masq_ips {

		type ipv4_addr

		flags interval

		elements = { 192.168.122.0/24 }

	}

	# base-chain to manipulate conntrack in postrouting,

	# will see packets for new or related traffic only

	chain POSTROUTING {

		type nat hook postrouting priority srcnat + 20

		policy accept

		iifname @masq_interfaces oifname != @masq_interfaces masquerade

		ip saddr @masq_ips masquerade

	}

}