From 6d55fb5efeb4b63a71826bf76377db2704b17bd4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Gramain?= <mael@enpls.org>
Date: Tue, 26 Mar 2024 15:53:43 +0100
Subject: [PATCH] nftables

---
 rt-mep/nftables.conf | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 rt-mep/nftables.conf

diff --git a/rt-mep/nftables.conf b/rt-mep/nftables.conf
new file mode 100644
index 0000000..a3917fe
--- /dev/null
+++ b/rt-mep/nftables.conf
@@ -0,0 +1,43 @@
+#!/usr/sbin/nft -f
+# /etc/nftables.conf
+
+flush ruleset
+
+# Define variables for interfaces and IP addresses
+define LAN = eth1
+define WAN = eth0
+define LAN_SUBNET = 10.100.2.0/24
+define WAN_IP = 45.139.163.92
+
+
+table inet nat {
+    chain prerouting {
+        type nat hook prerouting priority 0;
+    }
+
+    chain postrouting {
+        type nat hook postrouting priority 100;
+        oifname $WAN masquerade;
+    }
+
+    chain output {
+        type nat hook output priority -100;
+    }
+}
+
+table inet filter {
+    chain input {
+        type filter hook input priority 0;
+    }
+
+    chain forward {
+        type filter hook forward priority 0;
+
+        # Forward LAN traffic to WAN
+        iifname $LAN ip saddr $LAN_SUBNET oifname $WAN accept;
+    }
+
+    chain output {
+        type filter hook output priority 0;
+    }
+}
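Review bot: Neither `chain input` nor `chain forward` in `table inet filter` declares a policy, so both fall back to the nftables default of accept. The router therefore accepts every inbound connection arriving on $WAN, and the LAN-to-WAN `accept` rule in `forward` restricts nothing, because WAN-to-LAN packets are accepted as well. Set `policy drop;` on both base chains, accept `ct state established,related` so replies still pass, and allow loopback plus whatever management access the host needs before loading the ruleset; otherwise a remote session will be cut off. The `postrouting` masquerade also matches any source leaving $WAN; `ip saddr $LAN_SUBNET oifname $WAN masquerade;` would keep it to the intended subnet. `WAN_IP` is defined but never used.

```nftables
    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        # allow only the management/service ports this router needs (ideally from $LAN),
        # plus the ICMP/ICMPv6 types required for normal operation
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        # … unchanged: LAN -> WAN accept rule …
    }
```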