From c56a1a40fdf89a17a75b372be9a8218b7c2649d2 Mon Sep 17 00:00:00 2001
From: Xiao Pan
Date: Fri, 29 Aug 2025 08:57:35 +0000
Subject: nft disallow pp wg ip because no need
---
 etc/nftables.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'etc/nftables.conf')
diff --git a/etc/nftables.conf b/etc/nftables.conf
index f0759c65..28188bb2 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -19,8 +19,8 @@ table inet my_table {
 ct state invalid drop comment "early drop of invalid connections"
 ct state {established, related} accept comment "allow tracked connections"
 iifname lo accept comment "allow from loopback"
- iifname $wg_iface ip saddr { 10.0.0.1, 10.0.0.7 } accept comment "allow from wireguard insp and pp ip"
- iifname $wg_iface ip6 saddr { fdc9:281f:04d7:9ee9::1, fdc9:281f:04d7:9ee9::7} accept comment "allow from wireguard insp and pp ip"
+ iifname $wg_iface ip saddr 10.0.0.1 accept comment "allow from wireguard insp ip"
+ iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::1 accept comment "allow from wireguard insp ip"
 ip protocol icmp accept
 meta l4proto ipv6-icmp accept
--
cgit v1.2.3-70-g09d2
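Review bot: The two added `iifname $wg_iface … accept` rules still accept every protocol and port from 10.0.0.1 and fdc9:281f:04d7:9ee9::1, so the remaining peer keeps unrestricted access to this host; if it only needs specific services, narrow the match, for example `iifname $wg_iface ip saddr 10.0.0.1 tcp dport { PORTS_PLACEHOLDER } accept comment "allow from wireguard insp ip"`, and likewise for the ip6 rule. Removing 10.0.0.7 and fdc9:281f:04d7:9ee9::7 does not cut flows that are already tracked, because the `ct state {established, related} accept` rule earlier in the hunk matches them first; deleting those entries after the reload (for example `conntrack -D -s 10.0.0.7`) makes the change effective immediately. The source-address match is only as strong as the WireGuard AllowedIPs configured for that peer, which is not visible here, so it is worth confirming they are a /32 and a /128. The chain header and its policy lie outside the hunk, so what now happens to the removed peer's new connections cannot be confirmed from this page.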