[Service]
Type=oneshot
ExecStart=/bin/bash -c "iptables -t nat -I POSTROUTING -s {{ node_pod_cidr|ipaddr('net') }} -o {{ node_default_gateway_interface }} -j MASQUERADE"

[Install]
WantedBy=sys-subsystem-net-devices-mac0.device