firewall/nat.nft

#! /sbin/nft -f

table ip nat {
	chain prerouting {
		type nat hook prerouting priority 0;
		meta iifname $if_prerezotage ip daddr != { $intranet, $comnpay, $website } tcp dport {http,https} dnat $bounce_server;
	}


	chain postrouting {
		type nat hook postrouting priority 100

		# ip saddr 10.0.0.0/8 snat to 193.48.225.3
		meta oifname $if_supelec snat to 193.48.225.3

	}

}