changes to fw and unbound

2023-11-28 17:57:32 +01:00 · 2023-11-28 17:57:32 +01:00 · 08731a72a3
commit 08731a72a3
parent 017be187eb
2 changed files with 85 additions and 72 deletions
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@ -19,13 +19,25 @@
          chain input {
            type filter hook input priority filter; policy drop;

+            # accept any localhost traffic
+            iif lo accept
+
            # Allow trusted networks to access the router
            iifname {
-              "wan" # disable when final
+              "wan", # disable when final
              "lan",
              "wg_cloonar"
            } counter accept

+            # Allow networks to access the dns
+            iifname {
+              "lan",
+              "server",
+              "wg_cloonar",
+              "smart",
+              "multimedia"
+            } udp dport { 53, 67, 68 } tcp dport { 80, 443, 853 } counter accept
+
            # Accept mDNS for avahi reflection
            # iifname "multimedia" ip saddr <chromecast IP> tcp dport { llmnr } counter accept
            # iifname "multimedia" ip saddr <chromecast IP> udp dport { mdns, llmnr } counter accept