1. Don't allow NAT rules on IPv6 on kernels older that 3.7.

2. Don't set up the IPv6 NAT table if no NAT rules are defined.

providers/rule.rb

@@ -8,6 +8,10 @@
     updated |= handle_rule(new_resource, "ipv4")
   end
   if [:ipv6, :both].include?(new_resource.ip_version)
+    if new_resource.table == 'nat' &&
+        Gem::Version.new(/\d+(\.\d+(.\d+)?)?/.match(node['kernel']['release'])[0]) < Gem::Version.new('3.7')
+      raise "NAT table cannot be used with IPv6 before Kernel 3.7"
+    end
     updated |= handle_rule(new_resource, "ipv6")
   end
   new_resource.updated_by_last_action(updated)

templates/default/ip6tables-rules.erb

@@ -1,4 +1,5 @@
-<% if node["simple_iptables"]["ipv6"]["tables"].include?('nat') %>
+<% if node["simple_iptables"]["ipv6"]["tables"].include?('nat') &&
+    node["simple_iptables"]["ipv6"]["rules"]["nat"].size > 0 %>
 # This file generated by Chef. Changes will be overwritten.
 *nat
 :PREROUTING <%= node["simple_iptables"]["ipv6"]["policy"]["nat"]["PREROUTING"] || "ACCEPT" %> [0:0]