From dbf32dccb63452cfbadec498fad0b3e912dbf342 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9ophile=20Bastian?= <contact@tobast.fr>
Date: Sat, 8 Mar 2025 21:28:23 +0100
Subject: [PATCH] Nftables: add support for nat table

---
 roles/nftables/tasks/main.yml                      |  3 +++
 roles/nftables/templates/nftables/nftables.conf.j2 | 13 +++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/roles/nftables/tasks/main.yml b/roles/nftables/tasks/main.yml
index d3e929e..0535458 100644
--- a/roles/nftables/tasks/main.yml
+++ b/roles/nftables/tasks/main.yml
@@ -16,6 +16,9 @@
     - 'filter-input.d'
     - 'filter-forward.d'
     - 'filter-output.d'
+    - 'nat-toplevel.d'
+    - 'nat-prerouting.d'
+    - 'nat-postrouting.d'
 - name: deploy nftables root configuration
   template:
     src: "nftables/nftables.conf.j2"
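Review bot: The three new `nat-*.d` directories are covered by the same glob includes that nft loads as root, but the task that creates them starts above this hunk, so their owner and mode are not visible here. Anyone who can write to these directories can add DNAT or masquerade rules, so it is worth confirming that the loop creates them with `owner: root`, `group: root` and a mode no wider than `0755`. A short comment next to the list saying which role or playbook is expected to populate each directory would help; `nat-toplevel.d` in particular is not self-explanatory.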
diff --git a/roles/nftables/templates/nftables/nftables.conf.j2 b/roles/nftables/templates/nftables/nftables.conf.j2
index d92d625..9ab743e 100644
--- a/roles/nftables/templates/nftables/nftables.conf.j2
+++ b/roles/nftables/templates/nftables/nftables.conf.j2
@@ -48,3 +48,16 @@ table inet filter {
         include "/etc/nftables/filter-output.d/*.conf"
     }
 }
+
+table inet nat {
+    include "/etc/nftables/nat-toplevel.d/*.conf"
+
+    chain prerouting {
+        type nat hook prerouting priority 100; policy accept;
+        include "/etc/nftables/nat-prerouting.d/*.conf"
+    }
+    chain postrouting {
+        type nat hook postrouting priority 100; policy accept;
+        include "/etc/nftables/nat-postrouting.d/*.conf"
+    }
+}
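Review bot: The `prerouting` chain is hooked at `priority 100`, which is the conventional source-NAT value; destination NAT is normally registered at -100 so that it runs before other prerouting-hook chains at the default priorities. I would use the named priorities, `type nat hook prerouting priority dstnat; policy accept;` and `type nat hook postrouting priority srcnat; policy accept;`, which also make the intent readable. A comment above `table inet nat` should note that packets rewritten by a `nat-prerouting.d` fragment reach the `filter` input/forward chains with their translated destination, so each DNAT fragment needs a matching filter rule written against the post-NAT address. NAT in the `inet` family also needs a reasonably recent kernel and nft, so stating the minimum supported target in the role documentation would avoid a ruleset that fails to load on older hosts.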