Allow for adding extra tcp ports in nfttables

defaults/main.yml

@@ -5,3 +5,5 @@ wireguard_listenport: 51820
 wireguard_peers: []
 wireguard_ipv4_forward: true
 wireguard_ipv6_forward: true
+wireguard_nftables_services_allow:
+  - ssh

templates/nftables.conf.j2

@@ -11,7 +11,7 @@ table inet filter {
     ct state established,related accept
     ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-solicit, echo-request, nd-router-advert, nd-neighbor-advert } accept
     ip protocol icmp icmp type echo-request accept
-    tcp dport { ssh } ct state new accept
+    tcp dport { {{ wireguard_nftables_services_allow_tcp | join(', ')}} } ct state new accept
     udp dport { {{ wireguard_listenport }} } ct state new accept
     counter drop
   }