From 5491663d8636d903d51ddeca300fe5474b2769f7 Mon Sep 17 00:00:00 2001 From: Maurice Date: Mon, 29 Sep 2025 20:26:32 +0200 Subject: [PATCH] Update --- services/caddy/{config => }/Caddyfile | 0 services/caddy/config/.gitignore | 1 - services/caddy/http.policy.json | 11 ----------- services/caddy/update.sh | 5 +---- services/firewall/rules.nft | 7 +++++++ 5 files changed, 8 insertions(+), 16 deletions(-) rename services/caddy/{config => }/Caddyfile (100%) delete mode 100644 services/caddy/config/.gitignore delete mode 100644 services/caddy/http.policy.json diff --git a/services/caddy/config/Caddyfile b/services/caddy/Caddyfile similarity index 100% rename from services/caddy/config/Caddyfile rename to services/caddy/Caddyfile diff --git a/services/caddy/config/.gitignore b/services/caddy/config/.gitignore deleted file mode 100644 index ffd15ef..0000000 --- a/services/caddy/config/.gitignore +++ /dev/null @@ -1 +0,0 @@ -*.caddy \ No newline at end of file diff --git a/services/caddy/http.policy.json b/services/caddy/http.policy.json deleted file mode 100644 index 0e6626d..0000000 --- a/services/caddy/http.policy.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "description": "Allow incoming http (TCP 80 & 443) ports", - "filter": [ - { - "in": "WAN", - "out": "_fw", - "service": ["http", "https"], - "action": "accept" - } - ] -} diff --git a/services/caddy/update.sh b/services/caddy/update.sh index 26992fc..91b164c 100644 --- a/services/caddy/update.sh +++ b/services/caddy/update.sh @@ -1,8 +1,5 @@ #!/bin/sh -# Symlink config files in base dir -find "$base_dir" -name "*.caddy" -exec ln -sf {} "./config" \; - # Symlink config dir mkdir -p /home/podman/caddy -ln -sf ./config /home/podman/caddy \ No newline at end of file +ln -sf ./Caddyfile /home/podman/caddy/Caddyfile \ No newline at end of file diff --git a/services/firewall/rules.nft b/services/firewall/rules.nft index a02e24a..aadc775 100644 --- a/services/firewall/rules.nft +++ b/services/firewall/rules.nft 
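Review bot: In services/caddy/update.sh, the new `ln -sf ./Caddyfile /home/podman/caddy/Caddyfile` stores a relative target, and a relative symlink target is resolved against the directory that holds the link, not the directory the script runs from. The link therefore points at `/home/podman/caddy/Caddyfile` itself, so anything that opens that path gets a symlink-loop error instead of the config. Pass an absolute source path, for example `ln -sf "$(cd "$(dirname "$0")" && pwd)/Caddyfile" /home/podman/caddy/Caddyfile`. If `/home/podman/caddy` is mounted into a container (not visible in this patch), a link that leaves that directory will not resolve inside it, and copying the file would be the safer choice.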
@@ -4,6 +4,7 @@ define wan = eth0 define vpn = wg0 define vpn_net = 10.0.0.0/24 define lan_net = 192.168.2.0/24 +define self = 192.168.2.22 define icmpv4_basic = { echo-reply, # type 0 / ping @@ -35,6 +36,12 @@ define icmpv6_slaac = { define lan_clients = { 10.0.0.3 } table inet firewall { + # chain prerouting { + # type nat hook prerouting priority 0; + # # Example of port forwarding HTTP (80) from specific LAN clients to a local server + # ip saddr 10.0.0.4 ip daddr $self tcp dport 80 dnat to $self:9999 + # } + chain postrouting { type nat hook postrouting priority 100;
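Review bot: The commented-out `prerouting` example in the second hunk hard-codes `ip saddr 10.0.0.4`, which is not in `lan_clients` (`{ 10.0.0.3 }`) and falls inside `vpn_net` (10.0.0.0/24) rather than `lan_net`, so the comment "from specific LAN clients" does not describe the rule. If the chain is meant to be enabled later, write it against the existing set and name the address family, `ip saddr $lan_clients ip daddr $self tcp dport 80 dnat ip to $self:9999`. The comment should also say that the filter chains (outside this hunk) must then accept tcp dport 9999, because filtering sees the packet after the destination rewrite and a rule for port 80 will no longer match it. `priority 0` is unusual for a destination-NAT chain; `priority -100` would follow the numeric style `postrouting` already uses. Until the chain is enabled, `define self` from the first hunk is unused.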