#!/usr/sbin/nft -f

# Destination-NAT ruleset: traffic addressed to the two prefixes below is
# redirected to whatever address the tele4/tele6 maps currently hold for that
# destination; anything in those prefixes that cannot be mapped is rejected.
#
# NOTE(review): nothing in this file flushes or deletes the table first, so
# loading it a second time appends the rules again to the existing chains.
# Confirm how reloads are handled by whatever runs this script.

# Prefixes whose destinations are subject to the map-driven DNAT.
# 198.18.0.0/15 is the RFC 2544 benchmarking range and 2001:db8::/32 the
# RFC 3849 documentation range, so neither should collide with routable space.
define n_tele4 = 198.18.0.0/15
define n_tele6 = 2001:db8:11::/80

table inet uni {
	# original destination -> replacement destination (IPv4).
	# Elements expire after one minute unless the writer sets another timeout.
	# No rule in this file adds elements; presumably an external process fills
	# the map (verify). Whoever can write to it decides where matching traffic
	# is sent, so write access to this table is the trust boundary here.
	map tele4 {
		type ipv4_addr : ipv4_addr ;
		flags dynamic,timeout ;
		timeout 1m ;
	}

	# Same as tele4, for IPv6.
	map tele6 {
		type ipv6_addr : ipv6_addr ;
		flags dynamic,timeout ;
		timeout 1m ;
	}

	# Fail-closed sink for traffic in the prefixes that had no map entry.
	# reject is itself a terminating statement, so the drop after it looks like
	# a fallback that is not normally reached.
	# NOTE(review): this chain is only entered from nat-type base chains. NAT
	# chains are consulted for the first packet of a connection, so this is not
	# a substitute for a filter-chain rule covering the same prefixes (packets
	# conntrack does not hand to the NAT hooks never get here) - confirm a
	# filter rule exists elsewhere if these prefixes must never leak.
	chain gtfo {
		reject with icmpx type host-unreachable
		drop
	}

	# IPv4: rewrite the destination of TCP and UDP flows using tele4.
	# If the destination has no element in the map the dnat rule does not match
	# and evaluation falls through to gtfo; other L4 protocols go straight there.
	chain dnat_tele4 {
		meta nfproto ipv4 meta l4proto tcp dnat ip to ip daddr map @tele4
		meta nfproto ipv4 meta l4proto udp dnat ip to ip daddr map @tele4
		goto gtfo
	}

	# IPv6 counterpart of dnat_tele4, using tele6.
	chain dnat_tele6 {
		meta nfproto ipv6 meta l4proto tcp dnat ip6 to ip6 daddr map @tele6
		meta nfproto ipv6 meta l4proto udp dnat ip6 to ip6 daddr map @tele6
		goto gtfo
	}

	# Dispatch on destination prefix: only n_tele4 is handled, everything else
	# returns to the calling hook untouched. goto means dnat_tele4 never comes
	# back here.
	chain dnat_map4 {
		ip daddr vmap {
			$n_tele4 : goto dnat_tele4,
		}
		return
	}

	# IPv6 counterpart of dnat_map4.
	chain dnat_map6 {
		ip6 daddr vmap {
			$n_tele6 : goto dnat_tele6,
		}
		return
	}

	# Forwarded and inbound traffic: pick the per-family dispatch chain.
	chain nat_prerouting {
		type nat hook prerouting priority dstnat;
		meta nfproto vmap {
			ipv4 : jump dnat_map4,
			ipv6 : jump dnat_map6,
		}
	}

	# Locally generated traffic gets the same treatment as prerouting.
	chain nat_output {
		type nat hook output priority dstnat;
		meta nfproto vmap {
			ipv4 : jump dnat_map4,
			ipv6 : jump dnat_map6,
		}
	}

	# Source-NAT every flow leaving through a non-loopback interface.
	# NOTE(review): the match is not limited to flows that were DNATed above;
	# it covers all traffic this host originates or forwards, so downstream
	# hosts and their logs see the egress interface address instead of the
	# original source. Confirm that this scope is intended, or narrow it
	# (for example by output interface or by conntrack DNAT status).
	# NOTE(review): the 1m map timeout only governs new flows. An established
	# connection keeps its translation in conntrack after the map element
	# expires or is changed.
	chain nat_postrouting {
		type nat hook postrouting priority srcnat;
		meta oiftype != loopback masquerade
	}
}