shinobu/router: Clean up nftables rules

Simon Bruder 2023-09-21 12:59:12 +02:00
parent 9c42cb0903
commit 8a1724fe43
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC


@ -73,6 +73,7 @@ in
iifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu iifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu
oifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu oifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu
# allow traffic between lan and wan
iifname $NAT_LAN_IFACES oifname $NAT_WAN_IFACES counter accept iifname $NAT_LAN_IFACES oifname $NAT_WAN_IFACES counter accept
iifname $NAT_WAN_IFACES oifname $NAT_LAN_IFACES ct state established,related counter accept iifname $NAT_WAN_IFACES oifname $NAT_LAN_IFACES ct state established,related counter accept
@ -90,10 +91,6 @@ in
} }
table inet nat { table inet nat {
chain prerouting {
type nat hook prerouting priority filter; policy accept
}
chain postrouting { chain postrouting {
type nat hook postrouting priority filter; policy accept type nat hook postrouting priority filter; policy accept
oifname $MASQUERADE_IFACES masquerade oifname $MASQUERADE_IFACES masquerade
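Review bot: The comment that appears to be added in the first hunk, `# allow traffic between lan and wan`, reads as if forwarding were symmetric, but the two rules under it differ: LAN to WAN is accepted unconditionally, while WAN to LAN is accepted only for `ct state established,related`. Stating the direction keeps a later editor from loosening the return rule by mistake, for example `# lan -> wan: allow all; wan -> lan: replies only (established,related)`. The two MSS rules on wg-upstream just above carry no comment in the visible lines and could get one in the same pass, e.g. `# clamp TCP MSS to the route MTU on wg-upstream`. The chain holding these rules and `table inet nat` both begin or end outside the visible hunks, so this is based only on the lines shown.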