ansible-edda/playbooks/filesystem/valkyrie/usr/local/sbin/post-up-br0.nft.j2

#!/usr/bin/env -S nft -f

table ip br0_nat {
        chain prerouting {
                type nat hook prerouting priority -100;
                iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ vpn_reverse_proxy_address }};
        }

        chain postrouting {
                type nat hook postrouting priority 100;
                iif br0 oif {{ ethx }} masquerade;
        }
}