1 files changed, 25 insertions, 0 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index e8aafeb9..b558e9b4 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -90,6 +90,31 @@
        allowedUDPPortRanges = [
          { from = 60000; to = 61000; } # mosh
        ];
+        extraCommands = ''
+          ip46tables -D FORWARD -j nixos-fw-forward 2>/dev/null || true
+          ip46tables -F nixos-fw-forward 2> /dev/null || true
+          ip46tables -X nixos-fw-forward 2> /dev/null || true
+          ip46tables -N nixos-fw-forward
+          ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT
+          ip46tables -A nixos-fw-forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+          ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type redirect -j DROP
+          ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type 139 -j DROP
+          ip6tables -A nixos-fw-forward -p icmpv6 -j ACCEPT
+          ip46tables -A nixos-fw-forward -j DROP 
+          ip46tables -A FORWARD -j nixos-fw-forward
+          ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null || true
+          ip46tables -t nat -F nixos-fw-postrouting
+          ip46tables -t nat -X nixos-fw-postrouting
+          ip46tables -t nat -N nixos-fw-postrouting
+          iptables -t nat -A nixos-fw-postrouting -o dsl -j MASQUERADE
+          ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting
+        '';
      };
    };

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index e8aafeb9..b558e9b4 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix
@@ -90,6 +90,31 @@
90	allowedUDPPortRanges = [	90	allowedUDPPortRanges = [
91	{ from = 60000; to = 61000; } # mosh	91	{ from = 60000; to = 61000; } # mosh
92	];	92	];
		93	extraCommands = ''
		94	ip46tables -D FORWARD -j nixos-fw-forward 2>/dev/null \|\| true
		95	ip46tables -F nixos-fw-forward 2> /dev/null \|\| true
		96	ip46tables -X nixos-fw-forward 2> /dev/null \|\| true
		97
		98	ip46tables -N nixos-fw-forward
		99	ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT
		100	ip46tables -A nixos-fw-forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
		101	ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type redirect -j DROP
		102	ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type 139 -j DROP
		103	ip6tables -A nixos-fw-forward -p icmpv6 -j ACCEPT
		104
		105	ip46tables -A nixos-fw-forward -j DROP
		106	ip46tables -A FORWARD -j nixos-fw-forward
		107
		108
		109	ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null \|\| true
		110	ip46tables -t nat -F nixos-fw-postrouting
		111	ip46tables -t nat -X nixos-fw-postrouting
		112
		113	ip46tables -t nat -N nixos-fw-postrouting
		114	iptables -t nat -A nixos-fw-postrouting -o dsl -j MASQUERADE
		115
		116	ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting
		117	'';
93	};	118	};
94	};	119	};
95		120