From c624e52a8357da8db022831b86f2c85bb7bfed2f Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing <esmil@labitat.dk>
Date: Wed, 5 Dec 2018 19:07:35 +0100
Subject: space_server: enable NAT64/DNS64 network

---
 roles/space_server/files/nftables.conf | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'roles/space_server/files/nftables.conf')

diff --git a/roles/space_server/files/nftables.conf b/roles/space_server/files/nftables.conf
index 0cb7c4f..8b3124c 100644
--- a/roles/space_server/files/nftables.conf
+++ b/roles/space_server/files/nftables.conf
@@ -38,9 +38,11 @@ define pass_ip4  = 10.42.4.1
 define pass_net4 = 10.42.4.0/24
 define pass_net6 = 2a01:4262:1ab:e::/64
 
-#define nat64_if   = nat64
-#define nat64_net  = 10.42.255.0/24
-#define nat64_net6 = fde2:52b4:4a19:ffff::/96
+define futu_if   = lan15
+define futu_net6 = 2a01:4262:1ab:f::/64
+
+define nat64_if   = nat64
+define nat64_net4 = 10.42.128.0/17
 
 define colo_if   = lan20
 define colo_ip4  = 185.38.175.65
@@ -116,6 +118,7 @@ table ip filter {
 		iif $priv_if ip saddr $priv_net4 accept
 		iif $free_if ip saddr $free_net4 ip daddr != $int_net4 accept
 		iif $pass_if ip saddr $pass_net4 accept
+		iif $nat64_if ip saddr $nat64_net4 accept
 		iif $colo_if ip saddr $colo_net4 ip daddr != $int_net4 accept
 		oif $colo_if accept
 
@@ -171,6 +174,7 @@ table ip6 filter {
 		iif $priv_if ip6 saddr $priv_net6 accept
 		iif $free_if ip6 saddr $free_net6 ip6 daddr != $ext_net6 accept
 		iif $pass_if ip6 saddr $pass_net6 accept
+		iif $futu_if ip6 saddr $futu_net6 accept
 		iif $colo_if ip6 saddr $colo_net6 ip6 daddr != $ext_net6 accept
 		oif $colo_if accept
 
-- 
cgit v1.2.1