authorGregor Kleen <gkleen@yggdrasil.li>2021-11-15 09:52:16 +0059
committerGregor Kleen <gkleen@yggdrasil.li>2021-11-15 09:52:16 +0059
commit904255a139850f79a5b853e66244bd3adb909f97 (patch)
tree7763d0919ad1d3e5f3a6ab1583466f6995c0c0f5
parent7596211b892d907195887884752813c5ad0fc8f8 (diff)
vidhar: ...
-rw-r--r--hosts/vidhar/default.nix25
1 files changed, 25 insertions, 0 deletions
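--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -90,6 +90,31 @@
 allowedUDPPortRanges = [
 { from = 60000; to = 61000; } # mosh
 ];
+extraCommands = ''
+ip46tables -D FORWARD -j nixos-fw-forward 2>/dev/null || true
+ip46tables -F nixos-fw-forward 2> /dev/null || true
+ip46tables -X nixos-fw-forward 2> /dev/null || true
+
+ip46tables -N nixos-fw-forward
+ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT
+ip46tables -A nixos-fw-forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type redirect -j DROP
+ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type 139 -j DROP
+ip6tables -A nixos-fw-forward -p icmpv6 -j ACCEPT
+
+ip46tables -A nixos-fw-forward -j DROP
+ip46tables -A FORWARD -j nixos-fw-forward
+
+
+ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null || true
+ip46tables -t nat -F nixos-fw-postrouting
+ip46tables -t nat -X nixos-fw-postrouting
+
+ip46tables -t nat -N nixos-fw-postrouting
+iptables -t nat -A nixos-fw-postrouting -o dsl -j MASQUERADE
+
+ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting
+'';
 };
 };
 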
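Review bot: The nat-table cleanup at new lines 110–111 (`-F` and `-X` on `nixos-fw-postrouting`) lacks the `2>/dev/null || true` guard that the filter-table cleanup at 94–96 carries, so both commands fail whenever the chain does not exist yet, for example on first activation. If the firewall start script runs with errexit (not visible in this hunk), that aborts it after the forward chain is installed but before the MASQUERADE rule and the POSTROUTING jump are added. I would write them as `ip46tables -t nat -F nixos-fw-postrouting 2>/dev/null || true` and `ip46tables -t nat -X nixos-fw-postrouting 2>/dev/null || true`. Separately, line 103 forwards every ICMPv6 type except redirect and 139 from any interface, presumably including unsolicited traffic arriving on the `dsl` uplink. Consider restricting inbound types along the lines of RFC 4890, and add a comment such as `# 139 = node information query` so the intent of the numeric type is clear.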