Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

try firewall change

Browse source
This commit is contained in:
Dominik Polakovics Polakovics 2023-12-04 11:16:44 +01:00
parent 56a35728c1
commit 520979d85b
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
hosts/fw.cloonar.com/modules/firewall.nix
View file

@ -177,6 +177,8 @@
iifname { "wan", "lan", "vb-*", "podman0", "wg_cloonar" } oifname { "lan", "vb-*", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept iifname { "wan", "lan", "vb-*", "podman0", "wg_cloonar" } oifname { "lan", "vb-*", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
iifname { "infrastructure" } oifname { "podman0", "vb-omada" } counter accept iifname { "infrastructure" } oifname { "podman0", "vb-omada" } counter accept
iifname { "vb-*" } oifname { "server" } counter accept comment "from internal interfaces"
# Allow trusted network WAN access # Allow trusted network WAN access
iifname { iifname {
"lan", "lan",
@ -197,11 +199,15 @@
type nat hook prerouting priority filter; policy accept; type nat hook prerouting priority filter; policy accept;
} }
chain post {
iifname { "vb-*" } oifname { "server" } masquerade comment "from internal interfaces"
}
# Setup NAT masquerading on external interfaces # Setup NAT masquerading on external interfaces
chain postrouting { chain postrouting {
type nat hook postrouting priority filter; policy accept; type nat hook postrouting priority filter; policy accept;
oifname { "wan", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade oifname { "wan", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade
# iifname { "vb-*" } oifname { "server" } masquerade comment "from internal interfaces" iifname { "vb-*" } oifname { "server" } masquerade comment "from internal interfaces"
} }
} }
''; '';