From 0b1ea4d957e3812ef5d266fccadb9671ea9e767c Mon Sep 17 00:00:00 2001
From: Simon Cornet <simon@simoncor.net>
Date: Mon, 2 Mar 2026 13:15:05 +0100
Subject: [PATCH] feat: add external dhcp option

---
 defaults/main.yaml        | 3 +++
 templates/nftables.nft.j2 | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/defaults/main.yaml b/defaults/main.yaml
index c76bc7e..3da3797 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -12,3 +12,6 @@ incoming_firewall_rules: []
 
 # wireguard
 wireguard_enabled: true
+
+# dhcp
+dhcp_enable: false
diff --git a/templates/nftables.nft.j2 b/templates/nftables.nft.j2
index 239359f..de8f250 100644
--- a/templates/nftables.nft.j2
+++ b/templates/nftables.nft.j2
@@ -16,6 +16,11 @@ table inet filter {
         ip protocol icmp accept
         ip6 nexthdr ipv6-icmp accept
 
+{% if dhcp_enable %}
+        # allow dhcp
+        iif {{ lan_interface }} udp dport 67 accept
+{% endif %}
+
         # allow incoming firewall rules
 {% for rule in incoming_firewall_rules %}
         # {{ rule.name }}