ansible-edda/playbooks/filesystem/yggdrasil/usr/local/sbin/post-up-br0.nft.j2

#!/usr/bin/env -S nft -f

table inet br0_filter {
        chain input {
                type filter hook input priority -5;
                ct state established,related accept;
                iif br0 ip daddr {{ subnet }} drop;
        }
}

table ip br0_nat {
        chain prerouting {
                type nat hook prerouting priority -100;
                iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ vpn_reverse_proxy_address }};
        }

        chain postrouting {
                type nat hook postrouting priority 100;
                iif br0 oif {{ ethx }} masquerade;
        }
}
Set up VPN network 2022-09-24 00:15:46 +02:00			`#!/usr/bin/env -S nft -f`

			`table inet br0_filter {`
			`chain input {`
			`type filter hook input priority -5;`
			`ct state established,related accept;`
			`iif br0 ip daddr {{ subnet }} drop;`
			`}`
			`}`

			`table ip br0_nat {`
			`chain prerouting {`
			`type nat hook prerouting priority -100;`
			`iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ vpn_reverse_proxy_address }};`
			`}`

			`chain postrouting {`
			`type nat hook postrouting priority 100;`
			`iif br0 oif {{ ethx }} masquerade;`
			`}`
			`}`