#!/usr/bin/env -S nft -f

table inet ${IFACE}_inet {
        chain forward {
                type filter hook forward priority 0;
                iif ${IFACE} tcp flags syn tcp option maxseg size set rt mtu;
                oif ${IFACE} tcp flags syn tcp option maxseg size set rt mtu;
        }
{% if vpn_wireguard_role == "server" %}

        chain postrouting {
                type nat hook postrouting priority 100;
                iif ${IFACE} oif { {{ [
                        ansible_default_ipv4.interface | default(ansible_default_ipv6.interface),
                        ansible_default_ipv6.interface | default(ansible_default_ipv4.interface)
                    ] | unique | join(", ") }} } masquerade;
        }
{% endif %}
}