Loading defaults/main.yaml +3 −0 Original line number Diff line number Diff line Loading @@ -12,3 +12,6 @@ static_routes: [] # incoming firewall rules incoming_firewall_rules: [] # wireguard wireguard_enable: true templates/nftables.nft.j2 +8 −2 Original line number Diff line number Diff line Loading @@ -29,6 +29,12 @@ table inet filter { # Allow established/related ct state established,related accept {% if wireguard_enabled %} # Allow WireGuard traffic iifname "wt*" accept oifname "wt*" accept {% endif %} # Allow forwarding from LAN to anywhere iif {{ lan_interface }} oif {{ wan_interface }} accept {% for forward in nat_port_forwards %} Loading @@ -47,7 +53,7 @@ table ip nat { type nat hook postrouting priority 100; policy accept; # NAT masquerade from LAN to WAN oif {{ wan_interface }} masquerade iif {{ lan_interface }} oif {{ wan_interface }} masquerade } chain prerouting { Loading Loading
defaults/main.yaml +3 −0 Original line number Diff line number Diff line Loading @@ -12,3 +12,6 @@ static_routes: [] # incoming firewall rules incoming_firewall_rules: [] # wireguard wireguard_enable: true
templates/nftables.nft.j2 +8 −2 Original line number Diff line number Diff line Loading @@ -29,6 +29,12 @@ table inet filter { # Allow established/related ct state established,related accept {% if wireguard_enabled %} # Allow WireGuard traffic iifname "wt*" accept oifname "wt*" accept {% endif %} # Allow forwarding from LAN to anywhere iif {{ lan_interface }} oif {{ wan_interface }} accept {% for forward in nat_port_forwards %} Loading @@ -47,7 +53,7 @@ table ip nat { type nat hook postrouting priority 100; policy accept; # NAT masquerade from LAN to WAN oif {{ wan_interface }} masquerade iif {{ lan_interface }} oif {{ wan_interface }} masquerade } chain prerouting { Loading
