1
cat << "EOF" > /etc/nftables.d/npt6.sh
2
LAN_IF="lan"
3
WAN_IF="wan_isp1_6 wan_isp2_6"
4

5
. /lib/functions/network.sh
6
network_flush_cache
7
network_get_prefix_assignment6 LAN_PFX "${LAN_IF}"
8

9
for WAN_IF in ${WAN_IF}; do
10
    network_get_device WAN_DEV "${WAN_IF}"
11
    network_get_prefix6 WAN_PFX "${WAN_IF}"
12

13
    nft add rule inet fw4 srcnat \
14
        oif "${WAN_DEV}" snat prefix to ip6 \
15
        saddr map { "${LAN_PFX}" : "${WAN_PFX}" }
16

17
    nft add rule inet fw4 dstnat \
18
        iif "${WAN_DEV}" dnat prefix to ip6 \
19
        daddr map { "${WAN_PFX}" : "${LAN_PFX}" }
20
done
21
EOF
22

23
uci -q delete firewall.npt6
24
uci set firewall.npt6="include"
25
uci set firewall.npt6.path="/etc/nftables.d/npt6.sh"
26
uci commit firewall
27
service firewall restart