nft -c rejects iif "wt0" when the interface is absent (container, or any host before NetBird); iifname matches by name and is robust to wt0 coming/going. Drop the ansible_host fixture override (the docker connection uses it as the container name) — molecule covers zone resolution, pytest covers service->IP. |
||
|---|---|---|
| .. | ||
| nftables.conf.j2 | ||