add vserver

2023-12-04 13:11:05 +01:00
parent 70e9e79717
commit 35c8bbb1ac
2 changed files with 6 additions and 8 deletions
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -127,6 +127,7 @@
            iifname {
              "wan", # disable when final
              "server",
              "vserver",
              "lan",
              "wg_cloonar"
            } counter accept
@@ -135,8 +136,7 @@
            iifname {
              "lan",
              "server",
-              "vb-*",
+              "vserver",
              "podman0",
              "infrastructure",
              "wg_cloonar",
              "smart",
@@ -145,7 +145,7 @@
            iifname {
              "lan",
              "server",
-              "podman0",
+              "vserver",
              "vb-*",
              "infrastructure",
              "wg_cloonar",
@@ -177,16 +177,15 @@
            # lan and vpn to any
            # TODO: disable wan when finished
-            iifname { "wan", "lan", "server", "vb-*", "podman0", "wg_cloonar" } oifname { "lan", "vb-*", "server", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
+            iifname { "wan", "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "vb-*", "server", "vserver", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
-            iifname { "infrastructure" } oifname { "podman0", "vb-omada" } counter accept
+            iifname { "infrastructure" } oifname { "server", "vserver" } counter accept
            # Allow trusted network WAN access
            iifname {
              "lan",
              "infrastructure",
              "vb-*",
              "server",
-              "podman0",
+              "vserver",
              "multimedia",
              "smart",
              "wg_cloonar",
--- a/hosts/fw.cloonar.com/modules/unbound.nix
+++ b/hosts/fw.cloonar.com/modules/unbound.nix
@@ -11,7 +11,6 @@
          "10.42.98.0/24 allow"
          "10.42.99.0/24 allow"
          "10.42.101.0/24 allow"
          "10.42.254.0/24 allow"
        ];
        tls-cert-bundle = "/var/lib/acme/fw.cloonar.com/fullchain.pem";
        local-zone = "\"cloonar.com\" transparent";