diff options
-rw-r--r-- | hosts/vidhar/default.nix | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index e8aafeb9..b558e9b4 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix | |||
@@ -90,6 +90,31 @@ | |||
90 | allowedUDPPortRanges = [ | 90 | allowedUDPPortRanges = [ |
91 | { from = 60000; to = 61000; } # mosh | 91 | { from = 60000; to = 61000; } # mosh |
92 | ]; | 92 | ]; |
93 | extraCommands = '' | ||
94 | ip46tables -D FORWARD -j nixos-fw-forward 2>/dev/null || true | ||
95 | ip46tables -F nixos-fw-forward 2> /dev/null || true | ||
96 | ip46tables -X nixos-fw-forward 2> /dev/null || true | ||
97 | |||
98 | ip46tables -N nixos-fw-forward | ||
99 | ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT | ||
100 | ip46tables -A nixos-fw-forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT | ||
101 | ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type redirect -j DROP | ||
102 | ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type 139 -j DROP | ||
103 | ip6tables -A nixos-fw-forward -p icmpv6 -j ACCEPT | ||
104 | |||
105 | ip46tables -A nixos-fw-forward -j DROP | ||
106 | ip46tables -A FORWARD -j nixos-fw-forward | ||
107 | |||
108 | |||
109 | ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null || true | ||
110 | ip46tables -t nat -F nixos-fw-postrouting | ||
111 | ip46tables -t nat -X nixos-fw-postrouting | ||
112 | |||
113 | ip46tables -t nat -N nixos-fw-postrouting | ||
114 | iptables -t nat -A nixos-fw-postrouting -o dsl -j MASQUERADE | ||
115 | |||
116 | ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting | ||
117 | ''; | ||
93 | }; | 118 | }; |
94 | }; | 119 | }; |
95 | 120 | ||