ansible-edda/playbooks/filesystem/yggdrasil/usr/local/sbin/post-up-br0-ipv4.nft.j2

#!/usr/bin/env -S nft -f

table ip br0_ipv4 {
        chain prerouting {
                type nat hook prerouting priority -100;
                iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ services['lrproxy'].address }};
                iif {{ ethx }} tcp dport {{ services['git'].ssh_port }} dnat to {{ services['git'].address }};
        }

        chain input {
                type filter hook input priority 0;
                ct state established,related accept;
                iif br0 ip daddr {{ subnet }} drop;
        }

        chain postrouting {
                type nat hook postrouting priority 100;
                iif br0 oif {{ ethx }} masquerade;
        }
}
Set up VPN network 2022-09-24 00:15:46 +02:00			`#!/usr/bin/env -S nft -f`

Make VPN configuration more robust 2022-09-25 16:00:40 +02:00			`table ip br0_ipv4 {`
Set up VPN network 2022-09-24 00:15:46 +02:00			`chain prerouting {`
			`type nat hook prerouting priority -100;`
Set up gitea port forwarding 2022-11-15 23:01:51 +01:00			`iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ services['lrproxy'].address }};`
			`iif {{ ethx }} tcp dport {{ services['git'].ssh_port }} dnat to {{ services['git'].address }};`
Set up VPN network 2022-09-24 00:15:46 +02:00			`}`

Make VPN configuration more robust 2022-09-25 16:00:40 +02:00			`chain input {`
			`type filter hook input priority 0;`
			`ct state established,related accept;`
			`iif br0 ip daddr {{ subnet }} drop;`
			`}`

Set up VPN network 2022-09-24 00:15:46 +02:00			`chain postrouting {`
			`type nat hook postrouting priority 100;`
			`iif br0 oif {{ ethx }} masquerade;`
			`}`
			`}`