ansible-roles/vpn/wireguard/templates/nftables/up.nft

#!/usr/bin/env -S nft -f

table inet ${IFACE}_inet {
        chain forward {
                type filter hook forward priority 0;
                iif ${IFACE} tcp flags syn tcp option maxseg size set rt mtu;
                oif ${IFACE} tcp flags syn tcp option maxseg size set rt mtu;
        }
{% if vpn_wireguard_role == "server" %}

        chain postrouting {
                type nat hook postrouting priority 100;
                iif ${IFACE} oif { {{ [
                        ansible_default_ipv4.interface | default(ansible_default_ipv6.interface),
                        ansible_default_ipv6.interface | default(ansible_default_ipv4.interface)
                    ] | unique | join(", ") }} } masquerade;
        }
{% endif %}
}
Move wireguard to new config system 2023-08-13 23:47:03 +02:00			`#!/usr/bin/env -S nft -f`

			`table inet ${IFACE}_inet {`
			`chain forward {`
			`type filter hook forward priority 0;`
			`iif ${IFACE} tcp flags syn tcp option maxseg size set rt mtu;`
			`oif ${IFACE} tcp flags syn tcp option maxseg size set rt mtu;`
			`}`
			`{% if vpn_wireguard_role == "server" %}`

			`chain postrouting {`
			`type nat hook postrouting priority 100;`
			`iif ${IFACE} oif { {{ [`
			`ansible_default_ipv4.interface \| default(ansible_default_ipv6.interface),`
			`ansible_default_ipv6.interface \| default(ansible_default_ipv4.interface)`
			`] \| unique \| join(", ") }} } masquerade;`
			`}`
			`{% endif %}`
			`}`