ansible-edda/playbooks/roles/vpn/bridge/templates/post-up-br0-ipv4.nft.j2

#!/usr/bin/env -S nft -f
# Jinja2-templated nftables ruleset for the br0 bridge, IPv4 only (family "ip").
# It does three things: DNAT of selected TCP ports arriving on the host's
# default interface, an optional input-hook drop for br0 traffic addressed to
# local_network, and masquerading of br0 traffic leaving via the default interface.
#
# No chain declares a policy, so every base chain uses nftables' default
# (accept); the only filtering in this table is the explicit drop in "input".
# Template variables are interpolated verbatim into the ruleset, so
# vpn_bridge_dnat and local_network must come from trusted, validated inventory.
# NOTE(review): iif/oif match on the interface index resolved when the file is
# loaded, so both interfaces must already exist; iifname/oifname match by name
# and survive an interface being recreated. Confirm that load order guarantees this.
table ip br0_ipv4 {
    # Destination NAT (priority -100 is the conventional dstnat priority).
    # One rule is rendered per vpn_bridge_dnat entry. Only TCP is matched, and
    # there is no source-address restriction, so each listed port is reachable
    # by anything that can reach the default interface.
    # NOTE(review): an entry with an empty ports list renders an empty set
    # "{ }", which nft is expected to reject. Validate the variable upstream.
    chain prerouting {
        type nat hook prerouting priority -100;
{% for forward in vpn_bridge_dnat %}
        iif {{ ansible_default_ipv4.interface }} tcp dport { {{ forward.ports | join(", ") }} } dnat to {{ forward.address }};
{% endfor %}
    }
{% if local_network is defined %}
    # Rendered only when local_network is defined; otherwise this table does no
    # filtering at all.
    # The input hook sees only packets addressed to this host. Packets that
    # arrive on br0 and are routed on to other hosts in local_network traverse
    # the forward hook, for which this table defines no chain.
    # NOTE(review): if the intent is to isolate bridge clients from the local
    # network, confirm that a forward-hook rule exists elsewhere.
    # The accept verdict ends evaluation of this chain only; chains of other
    # tables attached to the input hook still see the packet.
    chain input {
        type filter hook input priority 0;
        ct state established,related accept;
        iif br0 ip daddr {{ local_network }} drop;
    }
{% endif %}
    # Source NAT (priority 100 is the conventional srcnat priority): traffic that
    # entered on br0 and leaves via the default interface is rewritten to that
    # interface's address. Upstream hosts therefore see this gateway rather than
    # the individual bridge client; per-client attribution has to be logged here.
    chain postrouting {
        type nat hook postrouting priority 100;
        iif br0 oif {{ ansible_default_ipv4.interface }} masquerade;
    }
}