nft only allow insp wg ip to access local web services like qbt-nox and jackett webui

author: Xiao Pan <xyz@flylightning.xyz> 2025-06-17 07:26:23 +0000
committer: Xiao Pan <xyz@flylightning.xyz> 2025-06-17 07:26:23 +0000
commit: a25cd0a0a35840e8b94ff0cefcc7e24d58454973 (patch)
tree: e652b9125ad2330643061456d12ef838b8eeea28 /etc/netns/ns0/nftables.conf
parent: 2395f82ea732901d69699d30af657c87a4546ac5 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/netns/ns0/nftables.conf b/etc/netns/ns0/nftables.conf
index b0c1237c..2d6a6e48 100644
--- a/etc/netns/ns0/nftables.conf
+++ b/etc/netns/ns0/nftables.conf
@@ -22,7 +22,8 @@ table inet my_table {
 		ct state invalid drop comment "early drop of invalid connections"
 		ct state {established, related} accept comment "allow tracked connections"
 		iifname lo accept comment "allow from loopback"
-		iifname $wg_iface accept comment "allow from wireguard"
+		iifname $wg_iface ip saddr 10.0.0.1 accept comment "allow from wireguard insp ip"
+		iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::1 accept comment "allow from wireguard insp ip"
 		ip protocol icmp accept
 		meta l4proto ipv6-icmp accept
author	Xiao Pan <xyz@flylightning.xyz>	2025-06-17 07:26:23 +0000
committer	Xiao Pan <xyz@flylightning.xyz>	2025-06-17 07:26:23 +0000
commit	a25cd0a0a35840e8b94ff0cefcc7e24d58454973 (patch)
tree	e652b9125ad2330643061456d12ef838b8eeea28 /etc/netns/ns0/nftables.conf
parent	2395f82ea732901d69699d30af657c87a4546ac5 (diff)