Update

services/caddy/config/.gitignore

@@ -1 +0,0 @@
-*.caddy

services/caddy/http.policy.json

@@ -1,11 +0,0 @@
-{
-    "description": "Allow incoming http (TCP 80 & 443) ports",
-    "filter": [
-        {
-            "in": "WAN",
-            "out": "_fw",
-            "service": ["http", "https"],
-            "action": "accept"
-        }
-    ]
-}

services/caddy/update.sh

@@ -1,8 +1,5 @@
 #!/bin/sh
 
-# Symlink config files in base dir
-find "$base_dir" -name "*.caddy" -exec ln -sf {} "./config" \;
-
 # Symlink config dir
 mkdir -p /home/podman/caddy
-ln -sf ./config /home/podman/caddy
+ln -sf ./Caddyfile /home/podman/caddy/Caddyfile

services/firewall/rules.nft

@@ -4,6 +4,7 @@ define wan = eth0
 define vpn = wg0
 define vpn_net = 10.0.0.0/24
 define lan_net = 192.168.2.0/24
+define self = 192.168.2.22
 
 define icmpv4_basic = {
   echo-reply, # type 0 / ping
@@ -35,6 +36,12 @@ define icmpv6_slaac = {
 define lan_clients = { 10.0.0.3 }
 
 table inet firewall {
+  # chain prerouting {
+  #   type nat hook prerouting priority 0;
+  #   # Example of port forwarding HTTP (80) from specific LAN clients to a local server
+  #   ip saddr 10.0.0.4 ip daddr $self tcp dport 80 dnat to $self:9999
+  # }
+
   chain postrouting {
     type nat hook postrouting priority 100;