nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull Requests Releases Wiki Activity

revert a6ce24d547 (#3)

Browse Source 
revert fix firewall

Reviewed-on: #3
This commit is contained in:
nyanloutre 2024-05-14 22:54:04 +02:00
parent 1abd6bd06d
commit c5596f9a04
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
systems/LoutreOS/configuration.nix
View File

@ -107,11 +107,25 @@
];
};
extraCommands = ''
ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
ip6tables -w -F loutreos-forward 2>/dev/null || true
ip6tables -w -X loutreos-forward 2>/dev/null || true
ip6tables -w -N loutreos-forward
ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A loutreos-forward -j ACCEPT -i eno2
ip6tables -A loutreos-forward -j nixos-fw-log-refuse
ip6tables -w -A FORWARD -j loutreos-forward
# Redirect local network request from server external IP to internal IP
# Make the server available even without internet access
iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1
'';
# remove refs to nixos-fw-log-refuse before restarting firewall
# prevents "ressource busy" errors
extraStopCommands = ''
ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true
'';
};
};