vidhar: ...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-11-15 23:57:52 +0059
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-11-15 23:57:52 +0059
commit: 82fc659fb977fe4858d6b47006267bd66e3caa8e (patch)
tree: c3302e190dffecaab37d2396547345068ae7d4e7 /hosts/vidhar/default.nix
parent: ebb22b579dbcc095411fe907d7be978cab7e05f2 (diff)
download: nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.tar
nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.tar.gz
nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.tar.bz2
nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.tar.xz
nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.zip
1 files changed, 16 insertions, 16 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index 039101be..d1955474 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -91,11 +91,11 @@
          { from = 60000; to = 61000; } # mosh
        ];
        extraCommands = ''
-          ip46tables -D FORWARD -j nixos-fw-forward || true
+          ip46tables -D FORWARD -j nixos-fw-forward 2>/dev/null || true
-          ip46tables -F nixos-fw-forward || true
+          ip46tables -F nixos-fw-forward 2>/dev/null || true
-          ip46tables -X nixos-fw-forward || true
+          ip46tables -X nixos-fw-forward 2>/dev/null || true
          ip46tables -N nixos-fw-forward
          ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT
          ip46tables -A nixos-fw-forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
          ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type redirect -j nixos-fw-log-refuse
@@ -106,24 +106,24 @@
          ip46tables -A FORWARD -j nixos-fw-forward
-          ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting-nat || true
+          ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null || true
-          ip46tables -t nat -F nixos-fw-postrouting-nat || true
+          ip46tables -t nat -F nixos-fw-postrouting 2>/dev/null || true
-          ip46tables -t nat -X nixos-fw-postrouting-nat || true
+          ip46tables -t nat -X nixos-fw-postrouting 2>/dev/null || true
+          ip46tables -t nat -N nixos-fw-postrouting
-          ip46tables -t nat -N nixos-fw-postrouting-nat
+          iptables -t nat -A nixos-fw-postrouting -o dsl -j MASQUERADE
-          iptables -t nat -A nixos-fw-postrouting-nat -o dsl -j MASQUERADE
-          ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting-nat
+          ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting
-          ip46tables -t mangle -D POSTROUTING -j nixos-fw-postrouting-mangle || true
+          ip46tables -t mangle -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null || true
-          ip46tables -t mangle -F nixos-fw-postrouting-mangle || true
+          ip46tables -t mangle -F nixos-fw-postrouting 2>/dev/null || true
-          ip46tables -t mangle -X nixos-fw-postrouting-mangle || true
+          ip46tables -t mangle -X nixos-fw-postrouting 2>/dev/null || true
-          ip46tables -t mangle -N nixos-fw-postrouting-mangle
+          ip46tables -t mangle -N nixos-fw-postrouting
-          ip46tables -t mangle -A nixos-fw-postrouting-mangle -o dsl -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+          ip46tables -t mangle -A nixos-fw-postrouting -o dsl -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-          ip46tables -t mangle -A POSTROUTING -j nixos-fw-postrouting-mangle
+          ip46tables -t mangle -A POSTROUTING -j nixos-fw-postrouting
        '';
      };
    };
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-11-15 23:57:52 +0059
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-11-15 23:57:52 +0059
commit	82fc659fb977fe4858d6b47006267bd66e3caa8e (patch)
tree	c3302e190dffecaab37d2396547345068ae7d4e7 /hosts/vidhar/default.nix
parent	ebb22b579dbcc095411fe907d7be978cab7e05f2 (diff)
download	nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.tar nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.tar.gz nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.tar.bz2 nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.tar.xz nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.zip

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index 039101be..d1955474 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix
@@ -91,11 +91,11 @@
91	{ from = 60000; to = 61000; } # mosh	91	{ from = 60000; to = 61000; } # mosh
92	];	92	];
93	extraCommands = ''	93	extraCommands = ''
94	ip46tables -D FORWARD -j nixos-fw-forward \|\| true	94	ip46tables -D FORWARD -j nixos-fw-forward 2>/dev/null \|\| true
95	ip46tables -F nixos-fw-forward \|\| true	95	ip46tables -F nixos-fw-forward 2>/dev/null \|\| true
96	ip46tables -X nixos-fw-forward \|\| true	96	ip46tables -X nixos-fw-forward 2>/dev/null \|\| true
97
98	ip46tables -N nixos-fw-forward	97	ip46tables -N nixos-fw-forward
		98
99	ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT	99	ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT
100	ip46tables -A nixos-fw-forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT	100	ip46tables -A nixos-fw-forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
101	ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type redirect -j nixos-fw-log-refuse	101	ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type redirect -j nixos-fw-log-refuse
@@ -106,24 +106,24 @@
106	ip46tables -A FORWARD -j nixos-fw-forward	106	ip46tables -A FORWARD -j nixos-fw-forward
107		107
108		108
109	ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting-nat \|\| true	109	ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null \|\| true
110	ip46tables -t nat -F nixos-fw-postrouting-nat \|\| true	110	ip46tables -t nat -F nixos-fw-postrouting 2>/dev/null \|\| true
111	ip46tables -t nat -X nixos-fw-postrouting-nat \|\| true	111	ip46tables -t nat -X nixos-fw-postrouting 2>/dev/null \|\| true
		112	ip46tables -t nat -N nixos-fw-postrouting
112		113
113	ip46tables -t nat -N nixos-fw-postrouting-nat	114	iptables -t nat -A nixos-fw-postrouting -o dsl -j MASQUERADE
114	iptables -t nat -A nixos-fw-postrouting-nat -o dsl -j MASQUERADE
115		115
116	ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting-nat	116	ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting
117		117
118		118
119	ip46tables -t mangle -D POSTROUTING -j nixos-fw-postrouting-mangle \|\| true	119	ip46tables -t mangle -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null \|\| true
120	ip46tables -t mangle -F nixos-fw-postrouting-mangle \|\| true	120	ip46tables -t mangle -F nixos-fw-postrouting 2>/dev/null \|\| true
121	ip46tables -t mangle -X nixos-fw-postrouting-mangle \|\| true	121	ip46tables -t mangle -X nixos-fw-postrouting 2>/dev/null \|\| true
122		122
123	ip46tables -t mangle -N nixos-fw-postrouting-mangle	123	ip46tables -t mangle -N nixos-fw-postrouting
124	ip46tables -t mangle -A nixos-fw-postrouting-mangle -o dsl -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu	124	ip46tables -t mangle -A nixos-fw-postrouting -o dsl -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
125		125
126	ip46tables -t mangle -A POSTROUTING -j nixos-fw-postrouting-mangle	126	ip46tables -t mangle -A POSTROUTING -j nixos-fw-postrouting
127	'';	127	'';
128	};	128	};
129	};	129	};