summaryrefslogtreecommitdiff
path: root/modules/yggdrasil-wg/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/yggdrasil-wg/default.nix')
-rw-r--r--modules/yggdrasil-wg/default.nix8
1 files changed, 4 insertions, 4 deletions
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index d0d6e522..d73c7f3f 100644
--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -94,14 +94,14 @@ in {
94 systemd.services.firewall.path = optionals isRouter [pkgs.procps]; 94 systemd.services.firewall.path = optionals isRouter [pkgs.procps];
95 networking.firewall = mkIf isRouter { 95 networking.firewall = mkIf isRouter {
96 extraCommands = '' 96 extraCommands = ''
97 iptables -A FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept 97 ip6tables -A FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept
98 iptables -A FORWARD -j nixos-fw-log-refuse 98 ip46tables -A FORWARD -j nixos-fw-log-refuse
99 sysctl net.ipv6.conf.all.forwarding=1 99 sysctl net.ipv6.conf.all.forwarding=1
100 ''; 100 '';
101 extraStopCommands = '' 101 extraStopCommands = ''
102 sysctl net.ipv6.conf.all.forwarding=0 102 sysctl net.ipv6.conf.all.forwarding=0
103 iptables -D FORWARD -j nixos-fw-log-refuse 103 ip46tables -D FORWARD -j nixos-fw-log-refuse || true
104 iptables -D FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept 104 ip6tables -D FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept || true
105 ''; 105 '';
106 }; 106 };
107 }; 107 };