Nftables to go

2025-09-29 19:53:24 +02:00
parent b6e9bb6d81
commit 054ec35a98
10 changed files with 45 additions and 93 deletions
--- a/services/wireguard/install.sh
+++ b/services/wireguard/install.sh
@@ -12,8 +12,6 @@ cat <<EOF > /etc/wireguard/wg0.conf
 PrivateKey = $(cat /etc/wireguard/server_priv.key)
 Address = 10.0.0.1/24 # Server has IP in the wg network
 ListenPort = 51820
-#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
 EOF

 # Enable IP forwarding, persistent
--- a/services/wireguard/vpn_traffic.policy.json
+++ b/services/wireguard/vpn_traffic.policy.json
@@ -1,11 +0,0 @@
-{
-    "description": "Allow VPN traffic through Wireguard interface",
-    "filter": [
-        {
-            "in": "VPN",
-            "service": [ "ssh", "dns", "ping", "http", "https" ],
-            "action": "accept",
-            "src": "10.0.0.1/24"
-        }
-    ]
-}
--- a/services/wireguard/wireguard.policy.json
+++ b/services/wireguard/wireguard.policy.json
@@ -1,14 +0,0 @@
-{
-    "description": "Allow Wireguard server access from the internet",
-    "service": {
-        "wireguard": { "port": 51820, "proto": "udp" }
-    },
-    "filter": [
-        {
-            "in": "WAN",
-            "out": "_fw",
-            "service": "wireguard",
-            "action": "accept"
-        }
-    ]
-}