====== nftables ======

  * S-NAT

<file - /etc/nftables.conf>
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority filter;
    }

    chain forward {
        type filter hook forward priority filter;
    }

    chain output {
        type filter hook output priority filter;
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100;
        ip saddr 0.0.0.0/0 oifname "tun*" masquerade;
    }
}
</file>

  * D-NAT

<code>
nft add table nat
nft 'add chain nat output { type nat hook output priority -100; }'
nft 'add rule nat output ip daddr 172.23.4.124 dnat to 192.168.67.10'
</code>