From 0e9d895e778b592bc9e823ee2a06e5b15dd638eb Mon Sep 17 00:00:00 2001
From: Niklas Yann Wettengel <niyawe@niyawe.de>
Date: Thu, 25 Jan 2018 18:10:43 +0100
Subject: added mullvad uplink

---
 roles/configure_iptables/templates/ip6tables.rules | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

(limited to 'roles/configure_iptables/templates/ip6tables.rules')

diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index 0f31387..913ac7c 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -10,13 +10,18 @@
 {% endfor %}
 {% endif %}
 
-{% if 'ffrl_uplink' in group_names %}
+{% if 'fastd' in group_names %}
+{% for peer in groups['ffrl_uplink'] %}
+-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
+{% endfor %}
+{% endif %}
+{% if 'mullvad_uplink' in group_names %}
 {% for peer in groups['fastd'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
 {% endif %}
-{% if 'fastd' in group_names %}
-{% for peer in groups['ffrl_uplink'] %}
+{% if 'ffrl_uplink' in group_names %}
+{% for peer in groups['fastd'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
 {% endif %}
@@ -47,13 +52,18 @@ COMMIT
 {% endfor %}
 {% endif %}
 # wireguard_backbone
-{% if 'ffrl_uplink' in group_names %}
+{% if 'fastd' in group_names %}
+{% for peer in groups['ffrl_uplink'] %}
+-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
+{% endfor %}
+{% endif %}
+{% if 'mullvad_uplink' in group_names %}
 {% for peer in groups['fastd'] %}
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 {% endfor %}
 {% endif %}
-{% if 'fastd' in group_names %}
-{% for peer in groups['ffrl_uplink'] %}
+{% if 'ffrl_uplink' in group_names %}
+{% for peer in groups['fastd'] %}
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 {% endfor %}
 {% endif %}
-- 
cgit v1.2.3-54-g00ecf