vidhar: ...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-11-15 09:52:16 +0059
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-11-15 09:52:16 +0059
commit: 904255a139850f79a5b853e66244bd3adb909f97 (patch)
tree: 7763d0919ad1d3e5f3a6ab1583466f6995c0c0f5 /hosts
parent: 7596211b892d907195887884752813c5ad0fc8f8 (diff)
download: nixos-904255a139850f79a5b853e66244bd3adb909f97.tar
nixos-904255a139850f79a5b853e66244bd3adb909f97.tar.gz
nixos-904255a139850f79a5b853e66244bd3adb909f97.tar.bz2
nixos-904255a139850f79a5b853e66244bd3adb909f97.tar.xz
nixos-904255a139850f79a5b853e66244bd3adb909f97.zip
1 files changed, 25 insertions, 0 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index e8aafeb9..b558e9b4 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -90,6 +90,31 @@
        allowedUDPPortRanges = [
          { from = 60000; to = 61000; } # mosh
        ];
+        extraCommands = ''
+          ip46tables -D FORWARD -j nixos-fw-forward 2>/dev/null || true
+          ip46tables -F nixos-fw-forward 2> /dev/null || true
+          ip46tables -X nixos-fw-forward 2> /dev/null || true
+          ip46tables -N nixos-fw-forward
+          ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT
+          ip46tables -A nixos-fw-forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+          ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type redirect -j DROP
+          ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type 139 -j DROP
+          ip6tables -A nixos-fw-forward -p icmpv6 -j ACCEPT
+          ip46tables -A nixos-fw-forward -j DROP 
+          ip46tables -A FORWARD -j nixos-fw-forward
+          ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null || true
+          ip46tables -t nat -F nixos-fw-postrouting
+          ip46tables -t nat -X nixos-fw-postrouting
+          ip46tables -t nat -N nixos-fw-postrouting
+          iptables -t nat -A nixos-fw-postrouting -o dsl -j MASQUERADE
+          ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting
+        '';
      };
    };
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-11-15 09:52:16 +0059
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-11-15 09:52:16 +0059
commit	904255a139850f79a5b853e66244bd3adb909f97 (patch)
tree	7763d0919ad1d3e5f3a6ab1583466f6995c0c0f5 /hosts
parent	7596211b892d907195887884752813c5ad0fc8f8 (diff)
download	nixos-904255a139850f79a5b853e66244bd3adb909f97.tar nixos-904255a139850f79a5b853e66244bd3adb909f97.tar.gz nixos-904255a139850f79a5b853e66244bd3adb909f97.tar.bz2 nixos-904255a139850f79a5b853e66244bd3adb909f97.tar.xz nixos-904255a139850f79a5b853e66244bd3adb909f97.zip

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index e8aafeb9..b558e9b4 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix
@@ -90,6 +90,31 @@
90	allowedUDPPortRanges = [	90	allowedUDPPortRanges = [
91	{ from = 60000; to = 61000; } # mosh	91	{ from = 60000; to = 61000; } # mosh
92	];	92	];
		93	extraCommands = ''
		94	ip46tables -D FORWARD -j nixos-fw-forward 2>/dev/null \|\| true
		95	ip46tables -F nixos-fw-forward 2> /dev/null \|\| true
		96	ip46tables -X nixos-fw-forward 2> /dev/null \|\| true
		97
		98	ip46tables -N nixos-fw-forward
		99	ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT
		100	ip46tables -A nixos-fw-forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
		101	ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type redirect -j DROP
		102	ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type 139 -j DROP
		103	ip6tables -A nixos-fw-forward -p icmpv6 -j ACCEPT
		104
		105	ip46tables -A nixos-fw-forward -j DROP
		106	ip46tables -A FORWARD -j nixos-fw-forward
		107
		108
		109	ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null \|\| true
		110	ip46tables -t nat -F nixos-fw-postrouting
		111	ip46tables -t nat -X nixos-fw-postrouting
		112
		113	ip46tables -t nat -N nixos-fw-postrouting
		114	iptables -t nat -A nixos-fw-postrouting -o dsl -j MASQUERADE
		115
		116	ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting
		117	'';
93	};	118	};
94	};	119	};
95		120