firewall/ipv4-filter.nft

table filter {
	set http_ratelimit { type ipv4_addr; timeout 1s; flags dynamic; }
	chain input		{ type filter hook input priority 0;policy drop;}
	chain forward		{ type filter hook forward priority 0;iifname wg0 accept;
				iifname enp11s0 accept;ct status dnat accept;}
	chain output		{ type filter hook output priority 0;  }
}

table inet t_nat {
	chain prerouting {  type nat hook prerouting priority -100; policy accept;}
	chain postrouting {  type nat hook postrouting priority 100;
			   iifname wg0 oifname enp11s0 masquerade;}
}
fix 2024-09-10 18:20:33 -06:00			`table filter {`
fix 2024-09-24 11:50:24 -06:00			`set http_ratelimit { type ipv4_addr; timeout 1s; flags dynamic; }`
fix 2024-09-10 18:20:33 -06:00			`chain input { type filter hook input priority 0;policy drop;}`
fix 2024-09-27 14:33:34 -06:00			`chain forward { type filter hook forward priority 0;iifname wg0 accept;`
			`iifname enp11s0 accept;ct status dnat accept;}`
fix 2024-09-10 18:20:33 -06:00			`chain output { type filter hook output priority 0; }`
			`}`
fix 2024-09-27 14:33:34 -06:00
			`table inet t_nat {`
			`chain prerouting { type nat hook prerouting priority -100; policy accept;}`
			`chain postrouting { type nat hook postrouting priority 100;`
			`iifname wg0 oifname enp11s0 masquerade;}`
			`}`