initial

ts/nft.rulebuilder.table.ts

@@ -0,0 +1,30 @@
+import type { TNftFamily } from './nft.types.js';
+
+/**
+ * Build commands to create the nftables table and NAT chains (prerouting + postrouting).
+ */
+export function buildTableSetup(tableName: string, family: TNftFamily = 'ip'): string[] {
+  return [
+    `nft add table ${family} ${tableName}`,
+    `nft add chain ${family} ${tableName} prerouting { type nat hook prerouting priority 0 \\; }`,
+    `nft add chain ${family} ${tableName} postrouting { type nat hook postrouting priority 100 \\; }`,
+  ];
+}
+
+/**
+ * Build commands to create filter chains (input, forward, output).
+ */
+export function buildFilterChains(tableName: string, family: TNftFamily = 'ip'): string[] {
+  return [
+    `nft add chain ${family} ${tableName} input { type filter hook input priority 0 \\; policy accept \\; }`,
+    `nft add chain ${family} ${tableName} forward { type filter hook forward priority 0 \\; policy accept \\; }`,
+    `nft add chain ${family} ${tableName} output { type filter hook output priority 0 \\; policy accept \\; }`,
+  ];
+}
+
+/**
+ * Build command to delete the entire nftables table.
+ */
+export function buildTableCleanup(tableName: string, family: TNftFamily = 'ip'): string[] {
+  return [`nft delete table ${family} ${tableName}`];
+}