ansible-roles/vpn/wireguard/templates/nftables/up.nft

#!/usr/bin/env -S nft -f
# nftables ruleset for the WireGuard interface, rendered from an Ansible/Jinja2
# template. It creates one inet table per interface with an MSS-clamping
# forward chain and, for the server role only, a masquerading NAT chain.
#
# NOTE(review): the IFACE placeholder is not nft syntax on its own; presumably
# it is substituted before nft parses this file -- confirm what performs that
# substitution and that the value cannot be influenced by untrusted input.
# NOTE(review): iif/oif match on the interface index that nft resolves when the
# ruleset is loaded, so the named interfaces must already exist at load time;
# iifname/oifname are the name-based alternatives if that cannot be guaranteed.
table inet ${IFACE}_inet {
# Forward hook. No policy is declared, so the chain falls back to nft's default
# policy (accept). The chain only rewrites the MSS option and does not restrict
# which destinations tunnel peers may reach; any forwarding restrictions have
# to be enforced by another table or chain.
chain forward {
type filter hook forward priority 0;
# Clamp the MSS of TCP SYN packets to the route MTU, for traffic entering from
# and leaving through the tunnel interface.
iif ${IFACE} tcp flags syn tcp option maxseg size set rt mtu;
oif ${IFACE} tcp flags syn tcp option maxseg size set rt mtu;
}
{% if vpn_wireguard_role == "server" %}
# Server role only: source-NAT traffic that arrived on the tunnel interface and
# leaves through the host's default-route interface(s).
chain postrouting {
type nat hook postrouting priority 100;
# The outgoing-interface set is built from the default IPv4 and IPv6 interface
# facts, each falling back to the other, with duplicates removed.
# NOTE(review): masqueraded traffic leaves with the server's own address, so
# logs on downstream hosts show the server rather than the individual peer;
# keep per-peer attribution on the VPN server if it is needed.
# NOTE(review): if neither default-interface fact is defined, the expression
# has no further fallback -- verify how the template renders on such hosts.
iif ${IFACE} oif { {{ [
ansible_default_ipv4.interface | default(ansible_default_ipv6.interface),
ansible_default_ipv6.interface | default(ansible_default_ipv4.interface)
] | unique | join(", ") }} } masquerade;
}
{% endif %}
}