nft only allow wg insp and pp ip to local port

author: Xiao Pan <xyz@flylightning.xyz> 2025-08-03 07:50:05 +0000
committer: Xiao Pan <xyz@flylightning.xyz> 2025-08-03 07:50:05 +0000
commit: 14bfc9d2e3941092778da303c2d4cbf867190b3a (patch)
tree: 09055d3cd6d2030b1f39a9d89157452c9d0d71ae /etc/nftables.conf
parent: 28cab65c908a4b94e6e3f4b53b2aa0de20156b23 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf
index 06d6f04e..81de9a2d 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -19,7 +19,8 @@ table inet my_table {
 		ct state invalid drop comment "early drop of invalid connections"
 		ct state {established, related} accept comment "allow tracked connections"
 		iifname lo accept comment "allow from loopback"
-		iifname $wg_iface accept comment "allow from wireguard"
+		iifname $wg_iface ip saddr { 10.0.0.1, 10.0.0.7 } accept comment "allow from wireguard insp and pp ip"
+		iifname $wg_iface ip6 saddr { fdc9:281f:04d7:9ee9::1, fdc9:281f:04d7:9ee9::7} accept comment "allow from wireguard insp and pp ip"
 		ip protocol icmp accept
 		meta l4proto ipv6-icmp accept
author	Xiao Pan <xyz@flylightning.xyz>	2025-08-03 07:50:05 +0000
committer	Xiao Pan <xyz@flylightning.xyz>	2025-08-03 07:50:05 +0000
commit	14bfc9d2e3941092778da303c2d4cbf867190b3a (patch)
tree	09055d3cd6d2030b1f39a9d89157452c9d0d71ae /etc/nftables.conf
parent	28cab65c908a4b94e6e3f4b53b2aa0de20156b23 (diff)