From bdc8239c195fe865c26b83a125233df0a7bd02ca Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Tue, 14 May 2024 22:24:36 +0200
Subject: [PATCH 1/5] revert a6ce24d547353e461327b4dd17f5a7a553501a50

revert fix firewall
---
 systems/LoutreOS/configuration.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 5da49ec..9cabaec 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -107,6 +107,15 @@
 ];
 };
 extraCommands = ''
+ ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
+ ip6tables -w -F loutreos-forward 2>/dev/null || true
+ ip6tables -w -X loutreos-forward 2>/dev/null || true
+ ip6tables -w -N loutreos-forward
+ ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
+ ip6tables -A loutreos-forward -j ACCEPT -i eno2
+ ip6tables -A loutreos-forward -j nixos-fw-log-refuse
+ ip6tables -w -A FORWARD -j loutreos-forward
+
 # Redirect local network request from server external IP to internal IP
 # Make the server available even without internet access
 iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
@@ -130,7 +139,6 @@
 };
 dhcpPrefixDelegationConfig.SubnetId = "0";
 };
- "40-eno1".linkConfig.RequiredForOnline = "no";
 "40-eno2" = {
 networkConfig = {
 IPv6SendRA = true;
-- 
2.44.1

From f7e125b3f081bda5d0f3014a6f39cc2ca610603b Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Tue, 14 May 2024 22:26:42 +0200
Subject: [PATCH 2/5] Update systems/LoutreOS/configuration.nix

---
 systems/LoutreOS/configuration.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 9cabaec..5dea659 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
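Review bot: The three `ip6tables -A loutreos-forward …` lines in the new block omit `-w` while the surrounding `-D`/`-F`/`-X`/`-N` calls and the final `-A FORWARD` use it, so a concurrent xtables lock holder can make one of them fail and leave the chain only partially populated before it is hooked into FORWARD; use `-w` on all of them, e.g. `ip6tables -w -A loutreos-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` (`-m conntrack --ctstate` is the current spelling of the legacy `-m state`). The `-j ACCEPT -i eno2` rule accepts forwarded traffic arriving on eno2 regardless of egress interface; if eno2 is the LAN side and only uplink forwarding is intended, pinning it with `-o <uplink-interface>` scopes it, and writing the match before the target (`-i eno2 -j ACCEPT`) matches the ordering of the other rules. The terminal `-j nixos-fw-log-refuse` makes this chain hold a reference to a NixOS-managed chain, which is what patches 4 and 5 of this series then have to release on stop, so a one-line comment above the block stating that dependency would help the next reader. The `extraCommands` string continues outside the hunk.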
@@ -139,6 +139,7 @@
 };
 dhcpPrefixDelegationConfig.SubnetId = "0";
 };
+ "40-eno1".linkConfig.RequiredForOnline = "no";
 "40-eno2" = {
 networkConfig = {
 IPv6SendRA = true;
-- 
2.44.1

From 485a518e505171c3419cee5464ddff7fcce209d7 Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Tue, 14 May 2024 22:43:29 +0200
Subject: [PATCH 3/5] Update systems/LoutreOS/configuration.nix

---
 systems/LoutreOS/configuration.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 5dea659..12803a9 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -121,6 +121,9 @@
 iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
 iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1
 '';
+ extraStopCommands = ''
+
+ '';
 };
 };
 
-- 
2.44.1

From a1d16f1e765d17d1c19558113a45974a1e1a5e6d Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Tue, 14 May 2024 22:47:48 +0200
Subject: [PATCH 4/5] Update systems/LoutreOS/configuration.nix

---
 systems/LoutreOS/configuration.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 12803a9..8a2497d 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -122,7 +122,7 @@
 iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1
 '';
 extraStopCommands = ''
-
+ ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true
 '';
 };
 };
-- 
2.44.1

From ff415c980ca4e0a1a2870c9ea2f5e6a8e7d97e81 Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Tue, 14 May 2024 22:51:08 +0200
Subject: [PATCH 5/5] Update systems/LoutreOS/configuration.nix

---
 systems/LoutreOS/configuration.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 8a2497d..a6e4dca 100644
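Review bot: The new stop command removes only the chain's jump to `nixos-fw-log-refuse`, so after the firewall service stops `loutreos-forward` stays hooked into FORWARD with its refuse terminator gone, and forwarded IPv6 traffic not matched by its ACCEPT rules falls through to whatever FORWARD's policy is at that point instead of being logged and refused. Mirroring the start-up teardown keeps stop symmetric and also drops the reference that causes the busy error: `ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true`, `ip6tables -w -F loutreos-forward 2>/dev/null || true`, `ip6tables -w -X loutreos-forward 2>/dev/null || true`. As written the command also omits `-w`, which the start-up `-D`/`-F`/`-X` calls in `extraCommands` use. Whether the NixOS module runs `extraStopCommands` before or after its own chain teardown is not visible here, so it is worth confirming that this ordering actually avoids the "resource busy" failure the series is addressing. The previous patch in the series introduces this block as an empty string; squashing that placeholder into this commit would make the history easier to bisect.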
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -121,6 +121,8 @@
 iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
 iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1
 '';
+ # remove refs to nixos-fw-log-refuse before restarting firewall
+ # prevents "ressource busy" errors
 extraStopCommands = ''
 ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true
 '';
-- 
2.44.1
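Review bot: The second added comment line misspells "resource"; `# prevents "resource busy" errors`. The first line would be more useful if it named the cause rather than the symptom, since a reader has to reconstruct it from the rules further up: `loutreos-forward` ends with a jump to the NixOS-managed `nixos-fw-log-refuse` chain, and a chain that is still referenced from another chain cannot be deleted, so the reference has to go before the module tears its own chains down. Something like `# loutreos-forward jumps to the NixOS-managed nixos-fw-log-refuse chain; drop that reference` followed by `# before the module deletes its chains, otherwise the -X fails with "resource busy"` would carry that.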