diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-11-15 23:57:52 +0059 | 
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-11-15 23:57:52 +0059 | 
| commit | 82fc659fb977fe4858d6b47006267bd66e3caa8e (patch) | |
| tree | c3302e190dffecaab37d2396547345068ae7d4e7 /hosts/vidhar | |
| parent | ebb22b579dbcc095411fe907d7be978cab7e05f2 (diff) | |
| download | nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.tar nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.tar.gz nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.tar.bz2 nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.tar.xz nixos-82fc659fb977fe4858d6b47006267bd66e3caa8e.zip | |
vidhar: ...
Diffstat (limited to 'hosts/vidhar')
| -rw-r--r-- | hosts/vidhar/default.nix | 32 | 
1 files changed, 16 insertions, 16 deletions
| diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index 039101be..d1955474 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix | |||
| @@ -91,11 +91,11 @@ | |||
| 91 | { from = 60000; to = 61000; } # mosh | 91 | { from = 60000; to = 61000; } # mosh | 
| 92 | ]; | 92 | ]; | 
| 93 | extraCommands = '' | 93 | extraCommands = '' | 
| 94 | ip46tables -D FORWARD -j nixos-fw-forward || true | 94 | ip46tables -D FORWARD -j nixos-fw-forward 2>/dev/null || true | 
| 95 | ip46tables -F nixos-fw-forward || true | 95 | ip46tables -F nixos-fw-forward 2>/dev/null || true | 
| 96 | ip46tables -X nixos-fw-forward || true | 96 | ip46tables -X nixos-fw-forward 2>/dev/null || true | 
| 97 | |||
| 98 | ip46tables -N nixos-fw-forward | 97 | ip46tables -N nixos-fw-forward | 
| 98 | |||
| 99 | ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT | 99 | ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT | 
| 100 | ip46tables -A nixos-fw-forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT | 100 | ip46tables -A nixos-fw-forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT | 
| 101 | ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type redirect -j nixos-fw-log-refuse | 101 | ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type redirect -j nixos-fw-log-refuse | 
| @@ -106,24 +106,24 @@ | |||
| 106 | ip46tables -A FORWARD -j nixos-fw-forward | 106 | ip46tables -A FORWARD -j nixos-fw-forward | 
| 107 | 107 | ||
| 108 | 108 | ||
| 109 | ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting-nat || true | 109 | ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null || true | 
| 110 | ip46tables -t nat -F nixos-fw-postrouting-nat || true | 110 | ip46tables -t nat -F nixos-fw-postrouting 2>/dev/null || true | 
| 111 | ip46tables -t nat -X nixos-fw-postrouting-nat || true | 111 | ip46tables -t nat -X nixos-fw-postrouting 2>/dev/null || true | 
| 112 | ip46tables -t nat -N nixos-fw-postrouting | ||
| 112 | 113 | ||
| 113 | ip46tables -t nat -N nixos-fw-postrouting-nat | 114 | iptables -t nat -A nixos-fw-postrouting -o dsl -j MASQUERADE | 
| 114 | iptables -t nat -A nixos-fw-postrouting-nat -o dsl -j MASQUERADE | ||
| 115 | 115 | ||
| 116 | ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting-nat | 116 | ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting | 
| 117 | 117 | ||
| 118 | 118 | ||
| 119 | ip46tables -t mangle -D POSTROUTING -j nixos-fw-postrouting-mangle || true | 119 | ip46tables -t mangle -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null || true | 
| 120 | ip46tables -t mangle -F nixos-fw-postrouting-mangle || true | 120 | ip46tables -t mangle -F nixos-fw-postrouting 2>/dev/null || true | 
| 121 | ip46tables -t mangle -X nixos-fw-postrouting-mangle || true | 121 | ip46tables -t mangle -X nixos-fw-postrouting 2>/dev/null || true | 
| 122 | 122 | ||
| 123 | ip46tables -t mangle -N nixos-fw-postrouting-mangle | 123 | ip46tables -t mangle -N nixos-fw-postrouting | 
| 124 | ip46tables -t mangle -A nixos-fw-postrouting-mangle -o dsl -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu | 124 | ip46tables -t mangle -A nixos-fw-postrouting -o dsl -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu | 
| 125 | 125 | ||
| 126 | ip46tables -t mangle -A POSTROUTING -j nixos-fw-postrouting-mangle | 126 | ip46tables -t mangle -A POSTROUTING -j nixos-fw-postrouting | 
| 127 | ''; | 127 | ''; | 
| 128 | }; | 128 | }; | 
| 129 | }; | 129 | }; | 
