Diffstat (limited to 'etc/nftables.conf')
-rw-r--r-- | etc/nftables.conf | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf
index ec199ffb..ecac4baa 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -29,9 +29,11 @@ table inet my_table {
 tcp dport ssh accept
 tcp dport iperf3 accept
 udp dport wireguard accept
+# mimic is both tcp and udp see perma link:
+# https://github.com/hack3ric/mimic/blob/572a2ae5aeaa156afc2d6064a763e842962735bf/docs/getting-started.md#firewall
+tcp dport swgp accept
 udp dport swgp accept
 tcp dport monerod-p2p accept
-tcp dport phantun accept
 pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
 counter comment "count any other traffic"
@@ -47,9 +49,6 @@ table inet my_table {
 #iifname $pub_iface oifname $wg_iface accept
 iifname $wg_iface accept
 oifname $wg_iface accept
-# needed for phantun?
-iifname pt0 accept
-oifname pt0 accept
 }
 chain my_output {
@@ -67,15 +66,12 @@ table inet nat {
 # also vice versa, no need `chain postrouting` if has `chain prerouting`
 # more see https://www.procustodibus.com/blog/2021/11/wireguard-nftables/
 chain prerouting {
-type nat hook prerouting priority dstnat
+type nat hook prerouting priority -100 policy accept
 # port forwarding from client
 # https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet
 iifname $pub_iface tcp dport monerod-p2p dnat ip to 10.0.0.1:monerod-p2p
 iifname $pub_iface tcp dport monerod-p2p dnat ip6 to [fdc9:281f:04d7:9ee9::1]:monerod-p2p
-# needed for phantun
-iifname $pub_iface tcp dport phantun dnat ip to 10.0.2.2
-iifname $pub_iface tcp dport phantun dnat ip6 to fdc9:281f:04d7:9eeb::2
 }
 # for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface
 chain postrouting {
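Review bot: The new comment above `tcp dport swgp accept` states that mimic "is both tcp and udp" but not why a second protocol has to be opened on the swgp port, which is the thing a later reader of the ruleset will want to know; if the intent is that mimic carries the swgp UDP stream as TCP on the same port, say so: `# mimic carries the swgp UDP stream as TCP on the same port, so both protocols must be accepted; see:`. The two rules could also be written as one, `meta l4proto { tcp, udp } th dport swgp accept`, which keeps the two protocols visibly tied to a single service instead of two lines that must be kept in step. The enclosing chain starts before this hunk, so its name and policy are not visible here.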
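Review bot: In the `chain prerouting` hunk, `priority -100` replaces the symbolic `dstnat`, which nftables defines as that same value, so the rewrite drops readability without changing behaviour; keeping the name and adding the policy reads better: `type nat hook prerouting priority dstnat; policy accept;`. As rendered, the hook spec and `policy accept` sit on one line with no `;` between them, and nft requires a statement separator there, so unless the semicolons were stripped by the page rendering this chain will fail to load — confirm against the actual file. `policy accept` is the default for a chain, so the explicit form is documentation only, which is fine to keep. The `chain postrouting` that follows presumably uses `priority srcnat`; the two chains should use the same convention.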