From ffe65032db646abf9ddb500dcefdea887e45ce6e Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski <wk@wojciechkozlowski.eu>
Date: Sun, 22 Oct 2023 09:39:25 +0200
Subject: [PATCH] Leave forwarding UDP for another time

---
 vpn/bridge/templates/nftables/up.nft | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vpn/bridge/templates/nftables/up.nft b/vpn/bridge/templates/nftables/up.nft
index 7e5edb0..d9b73fc 100644
--- a/vpn/bridge/templates/nftables/up.nft
+++ b/vpn/bridge/templates/nftables/up.nft
@@ -14,7 +14,7 @@ table ip ${IFACE}_ipv4 {
         chain prerouting {
                 type nat hook prerouting priority -100;
 {% for forward in vpn_bridge_dnat %}
-                iif {{ ansible_default_ipv4.interface | default(ansible_default_ipv6.interface) }} meta l4proto { tcp, udp } th dport { {{ forward.ports | join(", ") }} } dnat to {{ forward.inet_address }};
+                iif {{ ansible_default_ipv4.interface | default(ansible_default_ipv6.interface) }} tcp dport { {{ forward.ports | join(", ") }} } dnat to {{ forward.inet_address }};
 {% endfor %}
         }
 
@@ -37,7 +37,7 @@ table ip6 ${IFACE}_ipv6 {
         chain prerouting {
                 type nat hook prerouting priority -100;
 {% for forward in vpn_bridge_dnat %}
-                iif {{ ansible_default_ipv6.interface | default(ansible_default_ipv4.interface) }} meta l4proto { tcp, udp } th dport { {{ forward.ports | join(", ") }} } dnat to {{ forward.inet6_address }};
+                iif {{ ansible_default_ipv6.interface | default(ansible_default_ipv4.interface) }} tcp dport { {{ forward.ports | join(", ") }} } dnat to {{ forward.inet6_address }};
 {% endfor %}
         }