ansible-roles/vpn/wireguard/templates/post-up-IFACE-inet.nft

#!/usr/bin/env -S nft -f

table inet {{ vpn_wireguard_iface }}_inet {
        chain forward {
                type filter hook forward priority 0;
                iif {{ vpn_wireguard_iface }} tcp flags syn tcp option maxseg size set rt mtu;
                oif {{ vpn_wireguard_iface }} tcp flags syn tcp option maxseg size set rt mtu;
        }
{% if vpn_wireguard_role == "server" %}

        chain postrouting {
                type nat hook postrouting priority 100;
                iif {{ vpn_wireguard_iface }} oif { {{ [ansible_default_ipv4.interface, ansible_default_ipv6.interface] | unique | join(", ") }} } masquerade;
        }
{% endif %}
}
Variable wireguard interface name 2023-07-20 20:27:37 +02:00			`#!/usr/bin/env -S nft -f`

			`table inet {{ vpn_wireguard_iface }}_inet {`
			`chain forward {`
			`type filter hook forward priority 0;`
			`iif {{ vpn_wireguard_iface }} tcp flags syn tcp option maxseg size set rt mtu;`
			`oif {{ vpn_wireguard_iface }} tcp flags syn tcp option maxseg size set rt mtu;`
			`}`
Update wireguard nftables for IPv6 2023-07-24 23:46:44 +02:00			`{% if vpn_wireguard_role == "server" %}`

			`chain postrouting {`
			`type nat hook postrouting priority 100;`
Fully migrate wireguard to IPv6 2023-07-28 22:30:55 +02:00			`iif {{ vpn_wireguard_iface }} oif { {{ [ansible_default_ipv4.interface, ansible_default_ipv6.interface] \| unique \| join(", ") }} } masquerade;`
Update wireguard nftables for IPv6 2023-07-24 23:46:44 +02:00			`}`
			`{% endif %}`
Variable wireguard interface name 2023-07-20 20:27:37 +02:00			`}`