author | Christian Pointner <equinox@spreadspace.org> | 2022-01-30 16:05:53 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-01-30 16:05:53 +0100 |
commit | bff77c7fb34e9ba0ae1f42ba920ff09f9faca30d (patch) | |
tree | 863169455284f182f955278035e1ea5ad72f7430 /roles/network/wireguard/gateway/tasks/main.yml | |
parent | cleanup wireguard/p2p role (diff) |
wireguard/gateway: switch to nftables
Diffstat (limited to 'roles/network/wireguard/gateway/tasks/main.yml')
-rw-r--r-- | roles/network/wireguard/gateway/tasks/main.yml | 18 |
1 files changed, 4 insertions, 14 deletions
diff --git a/roles/network/wireguard/gateway/tasks/main.yml b/roles/network/wireguard/gateway/tasks/main.yml
index bc14db1b..0234fc6c 100644
--- a/roles/network/wireguard/gateway/tasks/main.yml
+++ b/roles/network/wireguard/gateway/tasks/main.yml
@@ -26,25 +26,15 @@
 state: started
-- name: create iptables service unit
+- name: install nftables rules
 loop: "{{ wireguard_gateway_tunnels | dict2items }}"
 loop_control:
 label: "{{ item.key }}"
 when: "'ip_snat' in item.value or 'port_forwardings' in item.value"
 template:
- src: systemd-iptables.service.j2
- dest: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-iptables.service"
-
-- name: enable/start iptables service unit
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'ip_snat' in item.value or 'port_forwardings' in item.value"
- systemd:
- daemon_reload: yes
- name: "wireguard-gateway-{{ item.key }}-iptables.service"
- enabled: yes
- state: started
+ src: nftables.rules.j2
+ dest: "/etc/nftables.d/wireguard-gateway-{{ item.key }}.nft"
+ notify: reload nftables
 - name: install workaround for default-gateway handling |
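Review bot: The old `wireguard-gateway-<key>-iptables.service` units are not stopped, disabled or removed anywhere in this hunk, although the two deleted tasks were the only visible place they were managed. A host provisioned before this commit would presumably keep the unit enabled and end up with the SNAT and port-forwarding rules applied through iptables as well as through the new `/etc/nftables.d/wireguard-gateway-<key>.nft` file. I would add guarded cleanup tasks after "install nftables rules" that check for the old unit file, stop and disable the unit, and delete the file; whether stopping the unit also flushes its rules depends on the removed unit template, which is not shown here. The same gap exists for the new file: when a tunnel loses `ip_snat`/`port_forwardings`, the `when:` only skips the task, so the .nft file and its forwardings stay in place and a `file: state: absent` counterpart would be needed to withdraw them.

```yaml
# … unchanged: "install nftables rules" task …

- name: check for leftover iptables service unit
  loop: "{{ wireguard_gateway_tunnels | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  stat:
    path: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-iptables.service"
  register: wireguard_gateway_old_iptables_units

- name: stop/disable leftover iptables service unit
  loop: "{{ wireguard_gateway_old_iptables_units.results }}"
  loop_control:
    label: "{{ item.item.key }}"
  when: item.stat.exists
  systemd:
    name: "wireguard-gateway-{{ item.item.key }}-iptables.service"
    enabled: no
    state: stopped

- name: remove leftover iptables service unit
  loop: "{{ wireguard_gateway_old_iptables_units.results }}"
  loop_control:
    label: "{{ item.item.key }}"
  when: item.stat.exists
  file:
    path: "{{ item.stat.path }}"
    state: absent
```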