ansible/router
ansible/router
2
0
Fork 0
Code Issues 1 Pull requests Activity

feat: add wireguard support

Browse source
This commit is contained in:
Simon Cornet 2026-02-17 14:02:35 +01:00
commit 1781bb5939
2 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
defaults/main.yaml
View file

@ -12,3 +12,6 @@ static_routes: []
# incoming firewall rules # incoming firewall rules
incoming_firewall_rules: [] incoming_firewall_rules: []
# wireguard
wireguard_enable: true

10
templates/nftables.nft.j2
View file

@ -12,7 +12,7 @@ table inet filter {
# Allow loopback # Allow loopback
iif lo accept iif lo accept
# Allow ICMP # Allow ICMP
ip protocol icmp accept ip protocol icmp accept
ip6 nexthdr ipv6-icmp accept ip6 nexthdr ipv6-icmp accept
@ -29,6 +29,12 @@ table inet filter {
# Allow established/related # Allow established/related
ct state established,related accept ct state established,related accept
{% if wireguard_enabled %}
# Allow WireGuard traffic
iifname "wt*" accept
oifname "wt*" accept
{% endif %}
# Allow forwarding from LAN to anywhere # Allow forwarding from LAN to anywhere
iif {{ lan_interface }} oif {{ wan_interface }} accept iif {{ lan_interface }} oif {{ wan_interface }} accept
{% for forward in nat_port_forwards %} {% for forward in nat_port_forwards %}
@ -47,7 +53,7 @@ table ip nat {
type nat hook postrouting priority 100; policy accept; type nat hook postrouting priority 100; policy accept;
# NAT masquerade from LAN to WAN # NAT masquerade from LAN to WAN
oif {{ wan_interface }} masquerade iif {{ lan_interface }} oif {{ wan_interface }} masquerade
} }
chain prerouting { chain prerouting {