rework firewall setup

2023-09-24 20:59:58 +02:00 · 2023-09-24 20:59:58 +02:00 · cd48cf495d
commit cd48cf495d
parent be62c1270f
30 changed files with 145 additions and 122 deletions
--- a/nodes/htz-cloud/wireguard.py
+++ b/nodes/htz-cloud/wireguard.py
@ -38,14 +38,18 @@ nodes['htz-cloud.wireguard'] = {
            },
        },
        'nftables': {
-            'rules': {
+            'input': {
                '50-router': [
-                    'inet filter forward ct state { related, established } accept',
-                    'inet filter forward oif eth0 accept',
-                    'nat postrouting oif eth0 masquerade',
+                    'ct state { related, established } accept',
+                    'oifname eth0 accept',
                ],
-                'wg_special': [
-                    'inet filter input udp dport 51819 accept',
+                '50-wireguard': [
+                    'udp dport 51819 accept',
+                ],
+            },
+            'postrouting': {
+                '50-router': [
+                    'oifname eth0 masquerade',
                ],
            },
        },