IPv6 npt nftables: Unterschied zwischen den Versionen

1. NPT-Tabelle erstellen

• sudo nft add table inet nat6

1. NPT-Chain erstellen

• sudo nft add chain inet nat6 npt_chain { type nat hook postrouting priority 0 \; }

1. NPT-Regel hinzufügen

• sudo nft add rule inet nat6 npt_chain ip6 saddr fd00:abcd::/64 oifname "eth0" counter masquerade

#!/usr/sbin/nft -f

table inet my_filter {
    chain input {
        type filter hook input priority 0; policy drop;
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table inet my_nat {
    chain prerouting {
        type nat hook prerouting priority 0; policy accept;
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        ip6 saddr <internal_ula_subnet> oifname "eth0" map to <external_gua_subnet>
        ip6 daddr <external_gua_subnet> iifname "eth0" map to <internal_ula_subnet>
    }
}