#!/usr/sbin/nft -f
#
# Managed by edpm-ansible/edpm_nftables
#
# Ensure we get the iptables layout to make the whole thing 100% compatible,
# even if some other tools are still relying on iptables-nft compatibility
# wrapper

# We will push our edpm rules in the inet table - it avoids rule duplication
# and allows to keep good compatibility with the iptables-nft layer
table inet filter {
        chain INPUT {
                type filter hook input priority filter; policy accept;
        }
        chain FORWARD {
                type filter hook forward priority filter; policy accept;
        }
        chain OUTPUT {
                type filter hook output priority filter; policy accept;
        }
}
table inet raw {
        chain PREROUTING {
                type filter hook prerouting priority raw; policy accept;
        }
        chain OUTPUT {
                type filter hook output priority raw; policy accept;
        }
}
table inet nat {
        chain PREROUTING {
                type nat hook prerouting priority dstnat; policy accept;
        }
        chain INPUT {
                type nat hook input priority 100; policy accept;
        }
        chain OUTPUT {
                type nat hook output priority -100; policy accept;
        }
        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
        }
}
# Compatibility tables and chains for iptables-nft
table ip filter {
        chain INPUT {
                type filter hook input priority filter; policy accept;
        }
        chain FORWARD {
                type filter hook forward priority filter; policy accept;
        }
        chain OUTPUT {
                type filter hook output priority filter; policy accept;
        }
}
table ip raw {
        chain PREROUTING {
                type filter hook prerouting priority raw; policy accept;
        }
        chain OUTPUT {
                type filter hook output priority raw; policy accept;
        }
}
table ip nat {
        chain PREROUTING {
                type nat hook prerouting priority dstnat; policy accept;
        }
        chain INPUT {
                type nat hook input priority 100; policy accept;
        }
        chain OUTPUT {
                type nat hook output priority -100; policy accept;
        }
        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
        }
}

table ip6 raw {
        chain PREROUTING {
                type filter hook prerouting priority raw; policy accept;
        }
        chain OUTPUT {
                type filter hook output priority raw; policy accept;
        }
}
table ip6 filter {
        chain INPUT {
                type filter hook input priority filter; policy accept;
        }
        chain FORWARD {
                type filter hook forward priority filter; policy accept;
        }
        chain OUTPUT {
                type filter hook output priority filter; policy accept;
        }
}