1 files changed, 16 insertions, 6 deletions

diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index 0f31387..913ac7c 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -10,13 +10,18 @@
 {% endfor %}
 {% endif %}
 
-{% if 'ffrl_uplink' in group_names %}
+{% if 'fastd' in group_names %}
+{% for peer in groups['ffrl_uplink'] %}
+-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
+{% endfor %}
+{% endif %}
+{% if 'mullvad_uplink' in group_names %}
 {% for peer in groups['fastd'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
 {% endif %}
-{% if 'fastd' in group_names %}
-{% for peer in groups['ffrl_uplink'] %}
+{% if 'ffrl_uplink' in group_names %}
+{% for peer in groups['fastd'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
 {% endif %}
@@ -47,13 +52,18 @@ COMMIT
 {% endfor %}
 {% endif %}
 # wireguard_backbone
-{% if 'ffrl_uplink' in group_names %}
+{% if 'fastd' in group_names %}
+{% for peer in groups['ffrl_uplink'] %}
+-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
+{% endfor %}
+{% endif %}
+{% if 'mullvad_uplink' in group_names %}
 {% for peer in groups['fastd'] %}
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 {% endfor %}
 {% endif %}
-{% if 'fastd' in group_names %}
-{% for peer in groups['ffrl_uplink'] %}
+{% if 'ffrl_uplink' in group_names %}
+{% for peer in groups['fastd'] %}
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 {% endfor %}
 {% endif %}