[nft PATCH] files: Add inet family nat config


 



Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 files/nftables/Makefile.am    | 1 +
 files/nftables/all-in-one.nft | 1 +
 files/nftables/inet-nat.nft   | 8 ++++++++
 3 files changed, 10 insertions(+)
 create mode 100755 files/nftables/inet-nat.nft

diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
index a93b7978f62d4..2a511cd1729c1 100644
--- a/files/nftables/Makefile.am
+++ b/files/nftables/Makefile.am
@@ -3,6 +3,7 @@ dist_pkgsysconf_DATA =	all-in-one.nft		\
 			arp-filter.nft		\
 			bridge-filter.nft	\
 			inet-filter.nft		\
+			inet-nat.nft		\
 			ipv4-filter.nft		\
 			ipv4-mangle.nft		\
 			ipv4-nat.nft		\
diff --git a/files/nftables/all-in-one.nft b/files/nftables/all-in-one.nft
index 4ccc043259c10..d3aa7f37f29f1 100755
--- a/files/nftables/all-in-one.nft
+++ b/files/nftables/all-in-one.nft
@@ -13,6 +13,7 @@ flush ruleset
 
 # native dual stack IPv4 & IPv6 family
 include "./inet-filter.nft"
+include "./inet-nat.nft"
 
 # netdev family at ingress hook. Attached to a given NIC
 include "./netdev-ingress.nft"
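Review bot: The added `include "./inet-nat.nft"` makes all-in-one.nft depend on kernel support for nat chains in the inet family, which as far as I know only exists from Linux 5.2 onwards. On an older kernel the nat base chains would presumably be rejected, and the whole file would then fail to load, including the filter tables that loaded fine before this change. I would put a comment above the include, for example `# inet nat needs a kernel with nat support in the inet family; remove this include on older kernels`. The commit message, which is currently empty, should state the requirement as well.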
diff --git a/files/nftables/inet-nat.nft b/files/nftables/inet-nat.nft
new file mode 100755
index 0000000000000..52fcdb543ddab
--- /dev/null
+++ b/files/nftables/inet-nat.nft
@@ -0,0 +1,8 @@
+#!@sbindir@nft -f
+
+table inet nat {
+	chain prerouting	{ type nat hook prerouting priority -100; }
+	chain input		{ type nat hook input priority 100; }
+	chain output		{ type nat hook output priority -100; }
+	chain postrouting	{ type nat hook postrouting priority 100; }
+}
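Review bot: The new file carries no header comment, and nothing says how it relates to the per-family nat files, although it registers nat base chains on the same four hooks with the priorities (-100 and 100) that ip/ip6 nat tables conventionally use. Makefile.am also ships ipv4-nat.nft, and the include list of all-in-one.nft is only partly visible here. If a host loads both, new connections would pass two nat chains per hook, and a translation set in one probably pre-empts the other. A comment such as `# dual-stack NAT table; use instead of ipv4-nat.nft/ipv6-nat.nft, not in addition` would make the intended use explicit for anyone adding rules later.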
-- 
2.21.0



