firewall/nat.nft

#! /sbin/nft -f

table ip nat {
	chain prerouting {
		type nat hook prerouting priority 0;
		meta iifname $if_prerezotage ip daddr != { $intranet, $comnpay, $website } tcp dport {http,https} dnat $bounce_server;
	}


	chain postrouting {
		type nat hook postrouting priority 100

		meta oifname != $if_supelec return

		meta iifname vmap {
			$if_adherent : jump adherent_nat,
			$if_admin : jump admin_nat,
			$if_federez : jump federez_nat,
			$if_aloes : jump aloes_nat,
			$if_prerezotage : jump prerezotage_nat
		}

		counter

		# ip saddr 10.0.0.0/8 snat to 193.48.225.3
		snat to 193.48.225.3

	}

}