nils/ansible-role-wireguard-nftables
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow for adding extra tcp ports in nfttables

Browse Source
This commit is contained in:
Nils
2022-08-17 22:47:20 +02:00
parent b09d09a6d7
commit a789bf7c9a
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main.yml
View File

@@ -5,3 +5,5 @@ wireguard_listenport: 51820
wireguard_peers: [] wireguard_peers: []
wireguard_ipv4_forward: true wireguard_ipv4_forward: true
wireguard_ipv6_forward: true wireguard_ipv6_forward: true
wireguard_nftables_services_allow:
- ssh

2
templates/nftables.conf.j2
View File

@@ -11,7 +11,7 @@ table inet filter {
ct state established,related accept ct state established,related accept
ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-solicit, echo-request, nd-router-advert, nd-neighbor-advert } accept ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-solicit, echo-request, nd-router-advert, nd-neighbor-advert } accept
ip protocol icmp icmp type echo-request accept ip protocol icmp icmp type echo-request accept
tcp dport { ssh } ct state new accept tcp dport { {{ wireguard_nftables_services_allow_tcp | join(', ')}} } ct state new accept
udp dport { {{ wireguard_listenport }} } ct state new accept udp dport { {{ wireguard_listenport }} } ct state new accept
counter drop counter drop
} }