+ firewall {'80 dnatv6':
+ provider => 'ip6tables',
+ proto => 'tcp',
+ dport => '80',
+ jump => 'DNAT',
+ todest => "[${$ipsv6[front-nginx]}]:80",
+ iniface => $internet_iface,
+ table => 'nat',
+ chain => 'PREROUTING'
+ } ->
+ firewall {'80 dnatv6-https':
+ provider => 'ip6tables',
+ proto => 'tcp',
+ dport => '443',
+ jump => 'DNAT',
+ todest => "[${$ipsv6[front-nginx]}]:443",
+ iniface => $internet_iface,
+ table => 'nat',
+ chain => 'PREROUTING'
+ } ->
+ firewall {'80 MASQ-v6':
+ provider => 'ip6tables',
+ chain => 'POSTROUTING',
+ table => 'nat',
+ proto => 'all',
+ jump => 'MASQUERADE',
+ source => "[fc00:1::]/64",
+ outiface => $internet_iface,
+ } ->
+ firewall { '80 dnat-git':
+ proto => 'tcp',
+ dport => '9418',
+ jump => 'DNAT',
+ todest => "${$ips[gitweb]}:9418",
+ iniface => $internet_iface,
+ table => 'nat',
+ chain => 'PREROUTING',
+ } ->