Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add firewall rule

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2023-12-06 14:33:34 +01:00
parent 8ba21ec498
commit 3958b1891c
2 changed files with 12 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
hosts/fw.cloonar.com/modules/firewall.nix
View File

@@ -161,6 +161,18 @@
iifname "wg_cloonar" ct state { established, related } counter accept
iifname "wg_cloonar" drop
# Allow returning traffic from wrwks and drop everthing else
iifname "wrwks" ct state { established, related } counter accept
iifname "wrwks" drop
# Allow returning traffic from wg_epicenter and drop everthing else
iifname "wg_epicenter" ct state { established, related } counter accept
iifname "wg_epicenter" drop
# Allow returning traffic from wg_ghetto_at and drop everthing else
iifname "wg_ghetto_at" ct state { established, related } counter accept
iifname "wg_ghetto_at" drop
iifname "wan" ct state { established, related } accept comment "Allow established traffic"
iifname "wan" icmp type { echo-request, destination-unreachable, time-exceeded } counter accept comment "Allow select ICMP"
iifname "wan" counter drop comment "Drop all other unsolicited traffic from wan"