revert a6ce24d547 #3
|
|
@ -107,11 +107,25 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
|
ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
|
||||||
|
ip6tables -w -F loutreos-forward 2>/dev/null || true
|
||||||
|
ip6tables -w -X loutreos-forward 2>/dev/null || true
|
||||||
|
ip6tables -w -N loutreos-forward
|
||||||
|
ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||||
|
ip6tables -A loutreos-forward -j ACCEPT -i eno2
|
||||||
|
ip6tables -A loutreos-forward -j nixos-fw-log-refuse
|
||||||
|
ip6tables -w -A FORWARD -j loutreos-forward
|
||||||
|
|
||||||
# Redirect local network request from server external IP to internal IP
|
# Redirect local network request from server external IP to internal IP
|
||||||
# Make the server available even without internet access
|
# Make the server available even without internet access
|
||||||
iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
|
iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
|
||||||
iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1
|
iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1
|
||||||
'';
|
'';
|
||||||
|
# remove refs to nixos-fw-log-refuse before restarting firewall
|
||||||
|
# prevents "ressource busy" errors
|
||||||
|
extraStopCommands = ''
|
||||||
|
ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue