-rw-r--r--etc/nftables.conf5
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf
index 85f4242f..539d0e87 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -3,7 +3,9 @@
# IPv4/IPv6 Simple & Safe firewall ruleset.
# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.
-# some codes from https://wiki.archlinux.org/title/Nftables
+# some codes from:
+# https://wiki.archlinux.org/title/Nftables
+# https://www.procustodibus.com/blog/2021/11/wireguard-nftables
# needed for reload config using `sudo systemctl restart nftables` or `sudo nft -f /etc/nftables.conf`
flush ruleset
@@ -20,6 +22,7 @@ table inet my_table {
ct state invalid drop comment "early drop of invalid connections"
ct state {established, related} accept comment "allow tracked connections"
iifname lo accept comment "allow from loopback"
+ iifname $wg_iface accept comment "allow from wireguard"
ip protocol icmp accept
meta l4proto ipv6-icmp accept