kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

bundles/wireguard: better nftables rules

Browse source
This commit is contained in:
Franzi 2022-12-11 17:42:39 +01:00
parent e8d24bc363
commit c8dd809057
Signed by: kunsi
GPG key ID: 12E3D2136B818350
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
bundles/wireguard/metadata.py
View file

@ -223,8 +223,8 @@ def snat(metadata):
rules = set() rules = set()
for number, (peer, config) in enumerate(sorted(metadata.get('wireguard/peers', {}).items())): for number, (peer, config) in enumerate(sorted(metadata.get('wireguard/peers', {}).items())):
rules.add(f'inet filter forward iif wg{number} accept') rules.add(f'inet filter forward iifname wg{number} accept')
rules.add(f'inet filter forward oif wg{number} accept') rules.add(f'inet filter forward oifname wg{number} accept')
if 'snat_to' in config: if 'snat_to' in config:
rules.add('nat postrouting ip saddr {} ip daddr != {} snat to {}'.format( rules.add('nat postrouting ip saddr {} ip daddr != {} snat to {}'.format(