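# Rendered from a Jinja2 template: on start this unit installs the nat-table
# SNAT/DNAT rules described by item.value, on stop it deletes the same rules.
# Template values are written verbatim into the command lines below, so
# item.value must come from trusted, validated data (addresses, interface
# names and ports only).
[Unit]
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
# All iptables calls use -w so that a command waits for the xtables lock
# instead of failing when another program is editing the ruleset at the same
# time (needs an iptables build that supports --wait).
# Rules are appended unconditionally with -A: if a start fails part-way, the
# rules already added stay in place and a later start appends them again.
{% if 'ip_snat' in item.value %}
# Forwarding is switched on here and is not switched off again on stop.
# This unit only adds nat rules; filtering of forwarded traffic (the FORWARD
# chain) is not handled here and has to be configured elsewhere.
ExecStart=/usr/sbin/sysctl net.ipv4.ip_forward=1
{% for addr in item.value.addresses %}
ExecStart=/sbin/iptables -w -t nat -A POSTROUTING -s {{ addr | ipaddr('network/prefix') }} -o {{ item.value.ip_snat.interface }} -j SNAT --to {{ item.value.ip_snat.to }}
{% endfor %}
{% endif %}
# tcp_ports / udp_ports are indexed by port below, i.e. each maps a listening
# port to its DNAT target.
{% for forward in item.value.port_forwardings | default([]) %}
{% for port in forward.tcp_ports | default([]) %}
ExecStart=/sbin/iptables -w -t nat -A PREROUTING -d {{ forward.dest }} -p tcp --dport {{ port }} -j DNAT --to {{ forward.tcp_ports[port] }}
{% endfor %}
{% for port in forward.udp_ports | default([]) %}
ExecStart=/sbin/iptables -w -t nat -A PREROUTING -d {{ forward.dest }} -p udp --dport {{ port }} -j DNAT --to {{ forward.udp_ports[port] }}
{% endfor %}
{% endfor %}
# Cleanup mirrors the ExecStart rules one-to-one (-D instead of -A).
# The leading "-" tells systemd to ignore a failing delete, so one rule that
# is already gone does not stop the remaining rules from being removed.
{% if 'ip_snat' in item.value %}
{% for addr in item.value.addresses %}
ExecStop=-/sbin/iptables -w -t nat -D POSTROUTING -s {{ addr | ipaddr('network/prefix') }} -o {{ item.value.ip_snat.interface }} -j SNAT --to {{ item.value.ip_snat.to }}
{% endfor %}
{% endif %}
{% for forward in item.value.port_forwardings | default([]) %}
{% for port in forward.tcp_ports | default([]) %}
ExecStop=-/sbin/iptables -w -t nat -D PREROUTING -d {{ forward.dest }} -p tcp --dport {{ port }} -j DNAT --to {{ forward.tcp_ports[port] }}
{% endfor %}
{% for port in forward.udp_ports | default([]) %}
ExecStop=-/sbin/iptables -w -t nat -D PREROUTING -d {{ forward.dest }} -p udp --dport {{ port }} -j DNAT --to {{ forward.udp_ports[port] }}
{% endfor %}
{% endfor %}
# Keep the unit active after the ExecStart commands have exited, so that
# stopping it later runs the ExecStop cleanup.
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target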