yggdrasil-wg: ...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-10-09 11:30:33 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-10-09 11:30:33 +0200
commit: 8bf9f82d92c5ebdf02d8ef30a7a11ee3b889828a (patch)
tree: b944403cac6aba328ab6a895bb8c71185e40a212 /modules/yggdrasil-wg
parent: cbe13936a152eaab0e421c9dd1d19787e2ed7f16 (diff)
download: nixos-8bf9f82d92c5ebdf02d8ef30a7a11ee3b889828a.tar
nixos-8bf9f82d92c5ebdf02d8ef30a7a11ee3b889828a.tar.gz
nixos-8bf9f82d92c5ebdf02d8ef30a7a11ee3b889828a.tar.bz2
nixos-8bf9f82d92c5ebdf02d8ef30a7a11ee3b889828a.tar.xz
nixos-8bf9f82d92c5ebdf02d8ef30a7a11ee3b889828a.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index d0d6e522..d73c7f3f 100644
--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -94,14 +94,14 @@ in {
    systemd.services.firewall.path = optionals isRouter [pkgs.procps];
    networking.firewall = mkIf isRouter {
      extraCommands = ''
-        iptables -A FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept
+        ip6tables -A FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept
-        iptables -A FORWARD -j nixos-fw-log-refuse
+        ip46tables -A FORWARD -j nixos-fw-log-refuse
        sysctl net.ipv6.conf.all.forwarding=1
      '';
      extraStopCommands = ''
        sysctl net.ipv6.conf.all.forwarding=0
-        iptables -D FORWARD -j nixos-fw-log-refuse
+        ip46tables -D FORWARD -j nixos-fw-log-refuse || true
-        iptables -D FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept
+        ip6tables -D FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept || true
      '';
    };
  };
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-10-09 11:30:33 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-10-09 11:30:33 +0200
commit	8bf9f82d92c5ebdf02d8ef30a7a11ee3b889828a (patch)
tree	b944403cac6aba328ab6a895bb8c71185e40a212 /modules/yggdrasil-wg
parent	cbe13936a152eaab0e421c9dd1d19787e2ed7f16 (diff)
download	nixos-8bf9f82d92c5ebdf02d8ef30a7a11ee3b889828a.tar nixos-8bf9f82d92c5ebdf02d8ef30a7a11ee3b889828a.tar.gz nixos-8bf9f82d92c5ebdf02d8ef30a7a11ee3b889828a.tar.bz2 nixos-8bf9f82d92c5ebdf02d8ef30a7a11ee3b889828a.tar.xz nixos-8bf9f82d92c5ebdf02d8ef30a7a11ee3b889828a.zip

diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix index d0d6e522..d73c7f3f 100644 --- a/modules/yggdrasil-wg/default.nix +++ b/modules/yggdrasil-wg/default.nix
@@ -94,14 +94,14 @@ in {
94	systemd.services.firewall.path = optionals isRouter [pkgs.procps];	94	systemd.services.firewall.path = optionals isRouter [pkgs.procps];
95	networking.firewall = mkIf isRouter {	95	networking.firewall = mkIf isRouter {
96	extraCommands = ''	96	extraCommands = ''
97	iptables -A FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept	97	ip6tables -A FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept
98	iptables -A FORWARD -j nixos-fw-log-refuse	98	ip46tables -A FORWARD -j nixos-fw-log-refuse
99	sysctl net.ipv6.conf.all.forwarding=1	99	sysctl net.ipv6.conf.all.forwarding=1
100	'';	100	'';
101	extraStopCommands = ''	101	extraStopCommands = ''
102	sysctl net.ipv6.conf.all.forwarding=0	102	sysctl net.ipv6.conf.all.forwarding=0
103	iptables -D FORWARD -j nixos-fw-log-refuse	103	ip46tables -D FORWARD -j nixos-fw-log-refuse \|\| true
104	iptables -D FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept	104	ip6tables -D FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept \|\| true
105	'';	105	'';
106	};	106	};
107	};	107	};