type filter hook input priority filter;
<%- unless @interfaces.empty? %>
- iif { $external-interfaces } jump incoming
+ iifname { $external-interfaces } jump incoming
<%- end %>
accept
type filter hook forward priority filter;
<%- unless @interfaces.empty? %>
- iif { $external-interfaces } jump incoming
- oif { $external-interfaces } jump outgoing
+ iifname { $external-interfaces } jump incoming
+ oifname { $external-interfaces } jump outgoing
<%- end %>
accept
type filter hook output priority filter;
<%- unless @interfaces.empty? %>
- oif { $external-interfaces } jump outgoing
+ oifname { $external-interfaces } jump outgoing
<%- end %>
accept
chain postrouting {
type nat hook postrouting priority srcnat;
-<%- node.interfaces(:role => :external).each do |external| %>
-<%- node.interfaces(:role => :internal).each do |internal| %>
- oif { <%= external[:interface] %> } ip saddr { <%= internal[:network] %>/<%= internal[:prefix] %> } snat <%= external[:address] %>
+<%- node.interfaces(:role => :external, :family => :inet).each do |external| %>
+<%- node.interfaces(:role => :internal, :family => :inet).each do |internal| %>
+ oifname { <%= external[:interface] %> } ip saddr { <%= internal[:network] %>/<%= internal[:prefix] %> } snat <%= external[:address] %>
<%- end %>
<%- end %>
}