From 904255a139850f79a5b853e66244bd3adb909f97 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Mon, 15 Nov 2021 09:52:16 +0059
Subject: vidhar: ...

---
 hosts/vidhar/default.nix | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'hosts/vidhar/default.nix')

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index e8aafeb9..b558e9b4 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -90,6 +90,31 @@
         allowedUDPPortRanges = [
           { from = 60000; to = 61000; } # mosh
         ];
+        extraCommands = ''
+          ip46tables -D FORWARD -j nixos-fw-forward 2>/dev/null || true
+          ip46tables -F nixos-fw-forward 2> /dev/null || true
+          ip46tables -X nixos-fw-forward 2> /dev/null || true
+
+          ip46tables -N nixos-fw-forward
+          ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT
+          ip46tables -A nixos-fw-forward -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+          ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type redirect -j DROP
+          ip6tables -A nixos-fw-forward -p icmpv6 --icmpv6-type 139 -j DROP
+          ip6tables -A nixos-fw-forward -p icmpv6 -j ACCEPT
+
+          ip46tables -A nixos-fw-forward -j DROP 
+          ip46tables -A FORWARD -j nixos-fw-forward
+
+
+          ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting 2>/dev/null || true
+          ip46tables -t nat -F nixos-fw-postrouting
+          ip46tables -t nat -X nixos-fw-postrouting
+
+          ip46tables -t nat -N nixos-fw-postrouting
+          iptables -t nat -A nixos-fw-postrouting -o dsl -j MASQUERADE
+
+          ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting
+        '';
       };
     };
 
-- 
cgit v1.2.3