table inet wireguard_{{ wg_interface }} {
    chain postrouting {
        type nat hook postrouting priority srcnat;
        oifname "{{ wan_interface }}" ip saddr {{ wg_net }} masquerade
    }

    chain forward {
        type filter hook forward priority filter;
        iifname "{{ wg_interface }}" ip saddr {{ wg_net }} counter accept
        oifname "{{ wg_interface }}" ip daddr {{ wg_net }} ct state established,related counter accept
{% for net in extra_nets %}
        iifname "{{ wg_interface }}" ip daddr {{ net }} counter accept
{% endfor %}
    }
}