From 7845faeac37d24ca2b051c6b2c3ecab9cebe8194 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Sat, 9 Sep 2023 22:46:09 +0200
Subject: [PATCH] htz-cloud.wireguard: add IPv4 NAT

---
 nodes/htz-cloud/wireguard.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/nodes/htz-cloud/wireguard.py b/nodes/htz-cloud/wireguard.py
index 4cd7e3c..d7c9a89 100644
--- a/nodes/htz-cloud/wireguard.py
+++ b/nodes/htz-cloud/wireguard.py
@@ -36,6 +36,15 @@ nodes['htz-cloud.wireguard'] = {
                 '172.19.137.0/24',
             },
         },
+        'nftables': {
+            'rules': {
+                '50-router': [
+                    'inet filter forward ct state { related, established } accept',
+                    'inet filter forward oif eth0 accept',
+                    'nat postrouting oif eth0 masquerade',
+                ],
+            },
+        },
         'vm': {
             'cpu': 1,
             'ram': 2,