fix

firewall.sh

@@ -100,17 +100,6 @@ blockCountry() {
 	done
 }
 
-wireguard-networking() {
-	$NFT add table nat
-	$NFT add chain nat postrouting
-	$NFT add rule nat postrouting oif wg0 iif enp11s0
-	$NFT add rule nat postrouting oif enp11s0 iif wg0
-	$NFT add rule nat postrouting masquerade
-	$NFT add rule filter forward iifname wg0 oif enp11s0 accept
-	$NFT add rule filter forward iifname enp11s0 oif wg0 accept
-	$NFT add rule ip filter input ip saddr 192.168.5.0/24 accept
-}
-
 attacker-protection() {
 	watch
 	bash $MODULES/module-nostr.sh "$i" "$DATE" "$ACCESS"
@@ -183,7 +172,6 @@ start() {
  	sysctl -w net.ipv4.conf.all.forwarding=1
 	import-saved
 	blockCountry
-	wireguard-networking
 	docker restart uptime-kuma
 	#Docker
 	$NFT insert rule filter input iif docker0 accept

ipv4-filter.nft

@@ -1,6 +1,13 @@
 table filter {
 	set http_ratelimit { type ipv4_addr; timeout 1s; flags dynamic; }
 	chain input		{ type filter hook input priority 0;policy drop;}
-	chain forward		{ type filter hook forward priority 0; }
+	chain forward		{ type filter hook forward priority 0;iifname wg0 accept;
+				iifname enp11s0 accept;ct status dnat accept;}
 	chain output		{ type filter hook output priority 0;  }
 }
+
+table inet t_nat {
+	chain prerouting {  type nat hook prerouting priority -100; policy accept;}
+	chain postrouting {  type nat hook postrouting priority 100;
+			   iifname wg0 oifname enp11s0 masquerade;}
+}