the-nine-worlds/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
80e101768f
ansible-roles/vpn/bridge/templates/post-up-br0-ipv4.nft

31 lines
979 B
Plaintext
Raw Blame History

#!/usr/bin/env -S nft -f
table ip br0_ipv4 {
chain prerouting {
type nat hook prerouting priority -100;
{% for forward in vpn_bridge_dnat %}
iif {{ ansible_default_ipv4.interface }} tcp dport { {{ forward.ports | join(", ") }} } dnat to {{ forward.address }};
{% endfor %}
}
chain forward {
type filter hook forward priority 0;
{% if local_network is defined %}
ct state established,related accept;
iif br0 ip daddr {{ local_network }} drop;
{% endif %}
{% if vpn_bridge_local_only_daddr %}
# Drop all external traffic for these addresses.
ip saddr != {{ vpn_bridge_subnet }} ip daddr { {{ vpn_bridge_local_only_daddr | join(", ") }} } drop;
{% endif %}
}
chain postrouting {
type nat hook postrouting priority 100;
iif br0 oif {{ ansible_default_ipv4.interface }} masquerade;
}
}
Reference in New Issue View Git Blame Copy Permalink