1 files changed, 40 insertions, 0 deletions

diff --git a/data/templates/firewall/nftables-nat66.j2 b/data/templates/firewall/nftables-nat66.j2
new file mode 100644
index 0000000..67eb2c1
--- /dev/null
+++ b/data/templates/firewall/nftables-nat66.j2
@@ -0,0 +1,40 @@
+#!/usr/sbin/nft -f
+
+{% if first_install is not vyos_defined %}
+delete table ip6 vyos_nat
+{% endif %}
+table ip6 vyos_nat {
+    #
+    # Destination NAT66 rules build up here
+    #
+    chain PREROUTING {
+        type nat hook prerouting priority -100; policy accept;
+        counter jump VYOS_DNPT_HOOK
+{% if destination.rule is vyos_defined %}
+{%     for rule, config in destination.rule.items() if config.disable is not vyos_defined %}
+        {{ config | nat_rule(rule, 'destination', ipv6=True) }}
+{%     endfor %}
+{% endif %}
+    }
+
+    #
+    # Source NAT66 rules build up here
+    #
+    chain POSTROUTING {
+        type nat hook postrouting priority 100; policy accept;
+        counter jump VYOS_SNPT_HOOK
+{% if source.rule is vyos_defined %}
+{%     for rule, config in source.rule.items() if config.disable is not vyos_defined %}
+        {{ config | nat_rule(rule, 'source', ipv6=True) }}
+{%     endfor %}
+{% endif %}
+    }
+
+    chain VYOS_DNPT_HOOK {
+        return
+    }
+
+    chain VYOS_SNPT_HOOK {
+        return
+    }
+}