Getting started with NFTables - long way to go

services/wireguard/install.sh

@@ -12,8 +12,8 @@ cat <<EOF > /etc/wireguard/wg0.conf
 PrivateKey = $(cat /etc/wireguard/server_priv.key)
 Address = 10.0.0.1/24 # Server has IP in the wg network
 ListenPort = 51820
-PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
 EOF
 
 # Enable IP forwarding, persistent

services/wireguard/vpn_traffic.policy.json

@@ -3,7 +3,6 @@
     "filter": [
         {
             "in": "VPN",
-            "out": "_fw",
             "service": [ "ssh", "dns", "ping", "http", "https" ],
             "action": "accept",
             "src": "10.0.0.1/24"