nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull Requests Releases Wiki Activity

fix rule priority

Browse Source 
main table should be first, else masqueraded packet responses will never reach internal network
This commit is contained in:
nyanloutre 2024-12-10 00:34:58 +01:00
parent 933d758e3b
commit 59435f987b
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
systems/LoutreOS/network.nix
View File

@ -151,13 +151,13 @@
# 0: from all lookup local # 0: from all lookup local
# 60: from all iif lo dport 25 lookup vpn # mails are forced to vpn table # 60: from all iif lo dport 25 lookup vpn # mails are forced to vpn table
# 4000: from all fwmark 0x1 lookup fiber # fwmark indicate established connection that must go through same interface
# 5000: from all fwmark 0x2 lookup lte
# 6000: from all fwmark 0x3 lookup vpn
# 32766: from all lookup main # main table should contain no default routes, only local network routes # 32766: from all lookup main # main table should contain no default routes, only local network routes
# 32767: from all lookup default # 32767: from all lookup default
# 40000: from all lookup fiber # first table encountered with a default route if fiber is up # 41000: from all fwmark 0x1 lookup fiber # fwmark indicate established connection that must go through same interface
# 50000: from all lookup lte # first table encountered with a default route if fiber is down # 42000: from all fwmark 0x2 lookup lte
# 43000: from all fwmark 0x3 lookup vpn
# 51000: from all lookup fiber # first table encountered with a default route if fiber is up
# 52000: from all lookup lte # first table encountered with a default route if fiber is down
systemd.network = let systemd.network = let
routeTables = { routeTables = {
@ -238,14 +238,14 @@
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
FirewallMark = 1; FirewallMark = 1;
Table = routeTables.fiber; Table = routeTables.fiber;
Priority = 4000; Priority = 41000;
Family = "both"; Family = "both";
}; };
} }
{ {
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
Table = routeTables.fiber; Table = routeTables.fiber;
Priority = 40000; Priority = 51000;
Family = "both"; Family = "both";
}; };
} }
@ -269,14 +269,14 @@
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
FirewallMark = 2; FirewallMark = 2;
Table = routeTables.lte; Table = routeTables.lte;
Priority = 5000; Priority = 42000;
Family = "both"; Family = "both";
}; };
} }
{ {
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
Table = routeTables.lte; Table = routeTables.lte;
Priority = 50000; Priority = 52000;
Family = "both"; Family = "both";
}; };
} }
@ -311,7 +311,7 @@
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
FirewallMark = 3; FirewallMark = 3;
Table = routeTables.vpn; Table = routeTables.vpn;
Priority = 6000; Priority = 43000;
Family = "both"; Family = "both";
}; };
} }