Revert "firewall: configure NAT from NetBox data"

Changed my mind. All NAT and VPN is configured from the app now.
Timotej Lazar 2024-04-30 20:59:49 +02:00
parent 8a9d47f176
commit 7656c05b2d


@ -108,25 +108,12 @@ table ip nat {
map netmap-in { type ipv4_addr : interval ipv4_addr; flags interval; }
map netmap-out { type ipv4_addr : interval ipv4_addr; flags interval; }
map nat {
type ipv4_addr : interval ipv4_addr; flags interval
elements = {
{% for prefix in vrf_prefixes | selectattr('family.value', '==', 4) | selectattr('custom_fields.nat') %}
{{ prefix.prefix }} : {{ prefix.custom_fields.nat.address | ipmath(0) }}
{{- '' if loop.last else ',' }} # {{ prefix.vlan.name }}
{% endfor %}
}
}
chain postrouting {
type nat hook postrouting priority srcnat
iif @inside oif @outside snat ip prefix to ip saddr map @netmap-out \
comment "Static source NAT for 1:1 mapped addresses"
iif @inside oif @outside snat to ip saddr map @nat \
comment "Dynamic NAT for private IPv4 networks"
include "/etc/nftables.d/nat.nft*"
}
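Review bot: The wildcard in `include "/etc/nftables.d/nat.nft*"` inside `chain postrouting` loads every file whose name starts with `nat.nft`, so an editor backup or stale copy left beside the app's file would be pulled into the NAT chain silently. With the NetBox-derived `@nat` map gone, this include looks like the only source of dynamic source-NAT rules, which makes write access to `/etc/nftables.d` the trust boundary for NAT. nft also does not treat a wildcard include that matches nothing as an error, so a missing file would leave the private prefixes untranslated without any load failure. I would add a comment above the include such as `# generated by the app; whoever can write /etc/nftables.d controls NAT`, and narrow the pattern if the app writes a single file. The `+`/`-` markers are lost on this page and the hunk counts do not match the visible lines, so which lines the revert touches is inferred from the commit message.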