From abe090b25244399b8a8852e69f0f1e4e0c9d1662 Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing <esmil@labitat.dk>
Date: Wed, 15 Nov 2017 22:51:17 +0100
Subject: space_server: nftables: only NAT local addresses

---
 roles/space_server/files/nftables/nftables.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'roles/space_server/files/nftables/nftables.conf')

diff --git a/roles/space_server/files/nftables/nftables.conf b/roles/space_server/files/nftables/nftables.conf
index e2f5eb3..30233b0 100644
--- a/roles/space_server/files/nftables/nftables.conf
+++ b/roles/space_server/files/nftables/nftables.conf
@@ -199,6 +199,6 @@ table ip nat {
 
 	chain postrouting {
 		type nat hook postrouting priority -150;
-		oif $ext_if snat $ext_ip4
+		oif $ext_if ip saddr $int_net4 snat $ext_ip4
         }
 }
-- 
cgit v1.2.1