# NixOS module fragment for the interface named by `ftthIface` (presumably the
# FTTH/WAN uplink -- confirm against names-and-numbers.nix). It takes the
# interface out of DHCP and NetworkManager control and appends the nftables
# rules that filter and masquerade traffic crossing it.
{ lib, ... }:
let
  # Bring in only the interface names this file actually uses.
  inherit (import ./names-and-numbers.nix)
    ftthIface
    wifiIface
    eth1Iface
    eth2Iface
    eth3Iface
    ;
in
{
  # No DHCP client on this interface; how it gets its address is not shown here.
  networking.interfaces.${ftthIface}.useDHCP = false;

  # Keep NetworkManager from managing the interface.
  networking.networkmanager.unmanaged = [ ftthIface ];

  # lib.mkAfter orders this fragment after default-priority definitions of the
  # same option. None of the chains below carries a `type ... hook ...` line,
  # so the hooks and policies are presumably declared in another module; if
  # they are not, these are regular chains that are never traversed.
  # TODO confirm.
  #
  # input / output: traffic on ftthIface is handed to input-net / output-net
  # (not defined in this file). Whatever returns from there without a verdict
  # is logged at level warn, counted and dropped, so those two chains are the
  # allow-list for this interface.
  # NOTE(review): the log statements are not rate-limited, so log volume
  # follows the volume of rejected traffic. If a limit is added, put it on a
  # separate log-only rule: a limit on the same rule would also gate the drop.
  #
  # forward: uses `goto`, so evaluation does not come back to this chain.
  # forward-to-net and forward-from-net are declared empty here; unless rules
  # are added to them elsewhere, forwarded packets end up at the policy of the
  # `forward` base chain. NOTE(review): verify that policy is drop, otherwise
  # traffic arriving on ftthIface for the four inner interfaces is forwarded
  # unfiltered.
  #
  # nat postrouting: masquerades packets that entered on one of the four inner
  # interfaces and leave through ftthIface.
  networking.nftables.ruleset = lib.mkAfter ''
    table inet filter {
      chain input {
        iifname ${ftthIface} jump input-net
        iifname ${ftthIface} log level warn prefix "input-net: " counter drop
      }
      chain output {
        oifname ${ftthIface} jump output-net
        oifname ${ftthIface} log level warn prefix "output-net: " counter drop
      }
      chain forward-to-net {
      }
      chain forward-from-net {
      }
      chain forward {
        iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${ftthIface} goto forward-to-net
        iifname ${ftthIface} oifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-from-net
      }
    }
    table inet nat {
      chain postrouting {
        iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${ftthIface} masquerade
      }
    }
  '';
}