ansible-roles/vpn/bridge/templates/post-up-br0-ipv4.nft

#!/usr/bin/env -S nft -f

table ip br0_ipv4 {
        chain prerouting {
                type nat hook prerouting priority -100;
{% for forward in vpn_bridge_dnat %}
                iif {{ ansible_default_ipv4.interface }} tcp dport { {{ forward.ports | join(", ") }} } dnat to {{ forward.inet_address }};
{% endfor %}
        }

        chain forward {
                type filter hook forward priority 0;
{% if local_inet_network is defined %}

                ct state established,related accept;
                iif br0 ip daddr {{ local_inet_network }} drop;
{% endif %}
{% if vpn_bridge_local_only_inet_daddr %}

                # Drop all external traffic for these addresses.
                ip saddr != {{ vpn_bridge_inet_subnet }} ip daddr { {{ vpn_bridge_local_only_inet_daddr | join(", ") }} } drop;
{% endif %}
        }
}
Initial commit 2022-12-20 19:47:11 +01:00			`#!/usr/bin/env -S nft -f`

			`table ip br0_ipv4 {`
			`chain prerouting {`
			`type nat hook prerouting priority -100;`
			`{% for forward in vpn_bridge_dnat %}`
Add IPv6 support to bridges 2023-07-27 23:07:45 +02:00			`iif {{ ansible_default_ipv4.interface }} tcp dport { {{ forward.ports \| join(", ") }} } dnat to {{ forward.inet_address }};`
Initial commit 2022-12-20 19:47:11 +01:00			`{% endfor %}`
			`}`

Add rules for local-only forwarding 2023-07-08 12:58:07 +02:00			`chain forward {`
			`type filter hook forward priority 0;`
Add IPv6 support to bridges 2023-07-27 23:07:45 +02:00			`{% if local_inet_network is defined %}`
Add rules for local-only forwarding 2023-07-08 12:58:07 +02:00
Initial commit 2022-12-20 19:47:11 +01:00			`ct state established,related accept;`
Add IPv6 support to bridges 2023-07-27 23:07:45 +02:00			`iif br0 ip daddr {{ local_inet_network }} drop;`
Initial commit 2022-12-20 19:47:11 +01:00			`{% endif %}`
Add IPv6 support to bridges 2023-07-27 23:07:45 +02:00			`{% if vpn_bridge_local_only_inet_daddr %}`
Add rules for local-only forwarding 2023-07-08 12:58:07 +02:00
Add IPv6 support to bridges 2023-07-27 23:07:45 +02:00			`# Drop all external traffic for these addresses.`
			`ip saddr != {{ vpn_bridge_inet_subnet }} ip daddr { {{ vpn_bridge_local_only_inet_daddr \| join(", ") }} } drop;`
Add rules for local-only forwarding 2023-07-08 12:58:07 +02:00			`{% endif %}`
			`}`
Initial commit 2022-12-20 19:47:11 +01:00			`}`