firewall/ipv4-filter.nft

table filter {
	set http_ratelimit { type ipv4_addr; timeout 1s; flags dynamic; } 
	chain input		{ type filter hook input priority 0;policy drop;}
	chain forward		{ type filter hook forward priority 0;
				iifname wg0 accept;
				iifname home accept;
				iifname eno1 accept;
				ct status dnat accept;
				}
	chain output		{ type filter hook output priority 0;  }
}

table nat {
	chain prerouting {  type nat hook prerouting priority -100; policy accept;}
	chain postrouting {  type nat hook postrouting priority 100;
	iifname wg0 oifname eno1 masquerade;
	iifname home oifname eno1 masquerade;
	iifname eno1 oifname wg0 masquerade;
	iifname eno1 oifname home masquerade;
	}
}
fix 2024-09-10 18:20:33 -06:00			`table filter {`
ifixo 2024-09-27 23:41:07 -06:00			`set http_ratelimit { type ipv4_addr; timeout 1s; flags dynamic; }`
			`chain input { type filter hook input priority 0;policy drop;}`
fix 2024-09-27 22:17:30 -06:00			`chain forward { type filter hook forward priority 0;`
			`iifname wg0 accept;`
			`iifname home accept;`
			`iifname eno1 accept;`
			`ct status dnat accept;`
			`}`
fix 2024-09-10 18:20:33 -06:00			`chain output { type filter hook output priority 0; }`
			`}`
fix 2024-09-27 14:33:34 -06:00
ifixo 2024-09-27 23:41:07 -06:00			`table nat {`
fix 2024-09-27 14:33:34 -06:00			`chain prerouting { type nat hook prerouting priority -100; policy accept;}`
			`chain postrouting { type nat hook postrouting priority 100;`
fix 2024-09-27 22:17:30 -06:00			`iifname wg0 oifname eno1 masquerade;`
			`iifname home oifname eno1 masquerade;`
			`iifname eno1 oifname wg0 masquerade;`
			`iifname eno1 oifname home masquerade;`
			`}`
fix 2024-09-27 14:33:34 -06:00			`}`