Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
Ansible
Manage
Activity
Members
Labels
Plan
Issues
3
Issue boards
Milestones
Code
Merge requests
2
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Model registry
Analyze
Value stream analytics
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Nounous
Ansible
Merge requests
!78
[wireguard] Also NAT IPv6
Code
Review changes
Check out branch
Download
Patches
Plain diff
Merged
[wireguard] Also NAT IPv6
wireguard
into
newinfra
Overview
0
Commits
1
Changes
1
Merged
Benjamin Graillot
requested to merge
wireguard
into
newinfra
4 years ago
Overview
0
Commits
1
Changes
1
Expand
👍
0
👎
0
Merge request reports
Compare
newinfra
newinfra (base)
and
latest version
latest version
1f759b6d
1 commit,
4 years ago
1 file
+
19
−
5
Inline
Compare changes
Side-by-side
Inline
Show whitespace changes
Show one file at a time
roles/wireguard/templates/nftables.conf
+
19
−
5
Options
@@ -2,17 +2,31 @@
flush
ruleset
{%
set
sputnik_ip
=
query
(
'ldap'
,
'ip'
,
'sputnik'
,
'adm'
) %}
{%
set
sputnik_ip
=
(
query
(
'ldap'
,
'ip'
,
'sputnik'
,
'adm'
)
|
ipv4
)[
0
]
%}
table
ip
nat
{
chain
prerouting
{
type
nat
hook
prerouting
priority
0
;
policy
accept
;
ip
daddr
{{
sputnik_ip
}}
dnat
172
.
31
.
0
.
2
ip
daddr
{{
sputnik_ip
}}
dnat
to
172
.
31
.
0
.
2
}
chain
postrouting
{
type
nat
hook
postrouting
priority
100
;
policy
accept
;
ip
saddr
172
.
31
.
0
.
2
ip
protocol
icmp
snat
{{
sputnik_ip
}}
ip
saddr
172
.
31
.
0
.
2
ip
protocol
tcp
snat
{{
sputnik_ip
}}
ip
saddr
172
.
31
.
0
.
2
ip
protocol
udp
snat
{{
sputnik_ip
}}
ip
saddr
172
.
31
.
0
.
2
ip
protocol
icmp
snat
to
{{
sputnik_ip
}}
ip
saddr
172
.
31
.
0
.
2
ip
protocol
tcp
snat
to
{{
sputnik_ip
}}
ip
saddr
172
.
31
.
0
.
2
ip
protocol
udp
snat
to
{{
sputnik_ip
}}
}
}
{%
set
sputnik_ip6
= (
query
(
'ldap'
,
'ip'
,
'sputnik'
,
'adm'
) |
ipv6
)[
0
] %}
table
ip6
nat
{
chain
prerouting
{
type
nat
hook
prerouting
priority
0
;
policy
accept
;
ip6
daddr
{{
sputnik_ip6
}}
dnat
to
fd0c
:
700
:
0
:
8
::
2
}
chain
postrouting
{
type
nat
hook
postrouting
priority
100
;
policy
accept
;
ip6
saddr
fd0c
:
700
:
0
:
8
::
2
ip6
nexthdr
icmpv6
snat
to
{{
sputnik_ip6
}}
ip6
saddr
fd0c
:
700
:
0
:
8
::
2
ip6
nexthdr
tcp
snat
to
{{
sputnik_ip6
}}
ip6
saddr
fd0c
:
700
:
0
:
8
::
2
ip6
nexthdr
udp
snat
to
{{
sputnik_ip6
}}
}
}
Loading