Allow for adding extra tcp ports in nfttables

2022-08-17 22:47:20 +02:00
parent b09d09a6d7
commit a789bf7c9a
2 changed files with 3 additions and 1 deletions
--- a/templates/nftables.conf.j2
+++ b/templates/nftables.conf.j2
@@ -11,7 +11,7 @@ table inet filter {
    ct state established,related accept
    ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-solicit, echo-request, nd-router-advert, nd-neighbor-advert } accept
    ip protocol icmp icmp type echo-request accept
-    tcp dport { ssh } ct state new accept
+    tcp dport { {{ wireguard_nftables_services_allow_tcp | join(', ')}} } ct state new accept
    udp dport { {{ wireguard_listenport }} } ct state new accept
    counter drop
  }