nyanloutre
/
nixos-config
1
1
Fork 1
Code Issues Pull Requests Releases Wiki Activity

fix firewall

This commit is contained in:
nyanloutre 2024-05-14 12:08:15 +02:00
parent ab8c752a76
commit a6ce24d547
1 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
systems/LoutreOS/configuration.nix
View File

@ -107,15 +107,6 @@
]; ];
}; };
extraCommands = '' extraCommands = ''
ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
ip6tables -w -F loutreos-forward 2>/dev/null || true
ip6tables -w -X loutreos-forward 2>/dev/null || true
ip6tables -w -N loutreos-forward
ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A loutreos-forward -j ACCEPT -i eno2
ip6tables -A loutreos-forward -j nixos-fw-log-refuse
ip6tables -w -A FORWARD -j loutreos-forward
# Redirect local network request from server external IP to internal IP # Redirect local network request from server external IP to internal IP
# Make the server available even without internet access # Make the server available even without internet access
iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
@ -139,6 +130,7 @@
}; };
dhcpPrefixDelegationConfig.SubnetId = "0"; dhcpPrefixDelegationConfig.SubnetId = "0";
}; };
"40-eno1".linkConfig.RequiredForOnline = "no";
"40-eno2" = { "40-eno2" = {
networkConfig = { networkConfig = {
IPv6SendRA = true; IPv6SendRA = true;