config: shione: nftables: srt input/output

Accept incoming UDP packets over VPN, allow incoming and outgoing SRT
connections over both public network and VPN.

config/shione/nftables/files/etc/nftables.conf

@@ -5,6 +5,9 @@ flush ruleset
 define eth_iface = enp1s0
 define wg_iface = wg0
 define wg_port = 51820
+define dns_port = 53
+define srt_input_udp_port = 60001
+define srt_output_port = 60000
                                                                                  
 table inet filter {
   chain input_ipv4 {
@@ -36,8 +39,11 @@ table inet filter {
     # ip saddr 10.8.0.0/32
 
     # Allow VPN to use DNS.
-    tcp dport { 53 } accept
-    udp dport { 53 } accept
+    tcp dport { $dns_port } accept
+    udp dport {
+      $dns_port,
+      $srt_input_udp_port,
+    } accept
   }
 
   chain input {                                                              
@@ -58,6 +64,10 @@ table inet filter {
       https,
     } accept
 
+    udp dport {
+      $srt_output_port,
+    } accept
+
     # allow loopback traffic, anything else jump to chain for further evaluation
     iifname vmap { lo : accept, $eth_iface : jump input_world, $wg_iface : jump input_vpn }