51 lines
1.1 KiB
Django/Jinja
51 lines
1.1 KiB
Django/Jinja
{% set fw = inventory_hostname.split('-')[1]|int -%}
|
|
|
|
Sync {
|
|
Mode FTFW {
|
|
# Add received rules immediately so we don’t need a signal on failover.
|
|
DisableExternalCache yes
|
|
# Get all connections on startup.
|
|
StartupResync yes
|
|
}
|
|
|
|
UDP {
|
|
Interface {{ iface_sync }}
|
|
IPv6_address fe80::{{ fw }}
|
|
IPv6_Destination_Address fe80::{{ 2 if fw == 1 else 1 }}
|
|
Port 3780
|
|
|
|
# Recommended by manual.
|
|
Checksum on
|
|
RcvSocketBuffer 1249280
|
|
SndSocketBuffer 1249280
|
|
}
|
|
|
|
#Options {
|
|
# TCPWindowTracking Off
|
|
#}
|
|
}
|
|
|
|
General {
|
|
UNIX {
|
|
Path /var/run/conntrackd.ctl
|
|
}
|
|
Syslog on
|
|
|
|
# Recommended by manual.
|
|
HashLimit 524288
|
|
NetlinkBufferSize 2097152
|
|
NetlinkBufferSizeMaxGrowth 8388608
|
|
|
|
Filter From Kernelspace {
|
|
# Don’t replicate rules for traffic from/to firewall.
|
|
Address Ignore {
|
|
IPv4_address 127.0.0.1/8
|
|
IPv6_address ::1/128
|
|
IPv6_address fe80::/64 # link-local addresses
|
|
IPv4_address {{ wg_ip }}
|
|
{% for address in interfaces | map(attribute='ip_addresses') | flatten | sort(attribute='address') %}
|
|
IPv{{ address.family.value }}_address {{ address.address }}
|
|
{% endfor %}
|
|
}
|
|
}
|
|
}
|