From b465587c3c41764c085fb0da428ac43b66cbc8fa Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Sat, 11 Jun 2016 16:56:12 +0200
Subject: [PATCH] library/roles/iptables/templates/iptables-rules.v4.j2: fix the template so that it manages NAT correctly.

---
 iptables/templates/iptables-rules.v4.j2 | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2
index 95d93951..683f019f 100644
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@@ -252,14 +252,21 @@
 {% else %}
 # NAT is enabled, we need to accept traffic that is forwarded
 -A FORWARD -j ACCEPT
+{% endif %}
+COMMIT
+{% if iptables_nat_enabled %}
 # NAT rules
 *nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
 {% if iptables_nat_specify_interfaces %}
-{% for int in iptables_nat_interface %}
+{% for int in iptables_nat_interfaces %}
 -A POSTROUTING -o {{ int }} -j MASQUERADE
 {% endfor %}
 {% else %}
 -A POSTROUTING -j MASQUERADE
 {% endif %}
-
 COMMIT
+{% endif %}
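Review bot: The `-A POSTROUTING ... -j MASQUERADE` rules in the new `*nat` block carry no source match, and the filter side (context line `-A FORWARD -j ACCEPT`) forwards everything, so once `iptables_nat_enabled` is set the host NATs and forwards any traffic routed through it rather than only the internal network it is presumably meant to serve. Consider restricting both with a source-network match driven by a role variable, e.g. `-A POSTROUTING -s <internal cidr> -o {{ int }} -j MASQUERADE` together with `-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` and `-A FORWARD -s <internal cidr> -j ACCEPT` in place of the unconditional accept. The `{% if %}` that the first `{% else %}` belongs to starts above the hunk, so its condition is not visible here. Separately, the loop variable was renamed from `iptables_nat_interface` to `iptables_nat_interfaces` but the diffstat shows only this template changed; unless the role defaults already define the plural name, rendering will fail with an undefined-variable error for inventories that still set the old one, so a `| default(iptables_nat_interface)` fallback or a defaults update in the same commit would be safer.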