From 55395d537bc4ff8d0ff09e6384736e9de53648d8 Mon Sep 17 00:00:00 2001
From: Simon Cornet <simon@simoncor.net>
Date: Tue, 17 Feb 2026 14:09:41 +0100
Subject: [PATCH] feat: simplify wireguard-exit node

---
 templates/nftables.nft.j2 | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/templates/nftables.nft.j2 b/templates/nftables.nft.j2
index 06e8fdc..b18b39e 100644
--- a/templates/nftables.nft.j2
+++ b/templates/nftables.nft.j2
@@ -55,13 +55,8 @@ table ip nat {
     chain postrouting {
         type nat hook postrouting priority 100; policy accept;
 
-        # nat masquerade from lan to wan
-        iif {{ lan_interface }} oif {{ wan_interface }} masquerade
-
-{% if wireguard_enabled %}
-        # nat mascerade from wireguard to wan (exit node) 
-        iifname "wt*" oif {{ wan_interface }} masquerade
-{% endif %}
+        # nat masquerade from any to wan
+        oif {{ wan_interface }} masquerade
     }
 
     chain prerouting {