#! /sbin/nft -f table ip nat { chain prerouting { type nat hook prerouting priority 0; meta iifname $if_prerezotage ip daddr != { $intranet, $comnpay, $website } tcp dport {http,https} dnat $bounce_server; } chain postrouting { type nat hook postrouting priority 100 meta oifname != $if_supelec return meta iifname vmap { $if_adherent : goto adh_nat, $if_admin : goto adm_nat, $if_aloes : goto aloes_nat, $if_federez : goto federez_nat, $if_prerezotage : goto prerezotage_nat, } ip saddr 10.0.0.0/8 masquerade } }