From: Tom Hughes
Date: Sun, 5 Mar 2023 09:35:57 +0000 (+0000)
Subject: Limit NAT to IPv4 interfaces
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/534043ca66b46815b0338475a60ad0fac4a90323

Limit NAT to IPv4 interfaces
---

diff --git a/cookbooks/networking/templates/default/nftables.conf.erb b/cookbooks/networking/templates/default/nftables.conf.erb
index 86ead58cf..a3dae7143 100644
--- a/cookbooks/networking/templates/default/nftables.conf.erb
+++ b/cookbooks/networking/templates/default/nftables.conf.erb
@@ -145,8 +145,8 @@ table ip nat {
 chain postrouting {
 type nat hook postrouting priority srcnat;
 
-<%- node.interfaces(:role => :external).each do |external| %>
-<%- node.interfaces(:role => :internal).each do |internal| %>
+<%- node.interfaces(:role => :external, :family => :inet).each do |external| %>
+<%- node.interfaces(:role => :internal, :family => :inet).each do |internal| %>
 oif { <%= external[:interface] %> } ip saddr { <%= internal[:network] %>/<%= internal[:prefix] %> } snat <%= external[:address] %>
 <%- end %>
 <%- end %>
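Review bot: The `:family => :inet` filter added to both loops has no comment explaining why it is needed, and the reason is easy to lose in a later refactor. The rule is emitted inside `table ip nat`, where `ip saddr` and `snat` take IPv4 values only, so an inet6 interface entry would presumably render a rule that nft rejects when the ruleset is loaded. I would add an ERB comment above the outer loop, for example `<%# table ip nat is IPv4-only: skip inet6 interfaces so saddr/snat never receive an IPv6 value %>`. The `chain postrouting` and `table ip nat` blocks close outside this hunk, so whether other family-specific tables in the template apply the same filter cannot be checked from here and is worth confirming.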