remove wan from firewall, combine rule

2023-12-06 15:20:48 +01:00
parent a45efc80dd
commit 6cfaa64fd2


@@ -125,7 +125,6 @@
# Allow trusted networks to access the router # Allow trusted networks to access the router
iifname { iifname {
"wan", # disable when final
"server", "server",
"vserver", "vserver",
"lan", "lan",
@@ -189,7 +188,7 @@
# lan and vpn to any # lan and vpn to any
# TODO: disable wan when finished # TODO: disable wan when finished
iifname { "wan", "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "vb-*", "server", "vserver", "infrastructure", "multimedia", "smart", "wg_cloonar" } counter accept iifname { "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "vb-*", "server", "vserver", "infrastructure", "multimedia", "smart", "wg_cloonar" } counter accept
iifname { "lan", "server", "wg_cloonar" } oifname { "wrwks", "wg_epicenter", "wg_ghetto_at" } counter accept iifname { "lan", "server", "wg_cloonar" } oifname { "wrwks", "wg_epicenter", "wg_ghetto_at" } counter accept
iifname { "infrastructure" } oifname { "server", "vserver" } counter accept iifname { "infrastructure" } oifname { "server", "vserver" } counter accept
@@ -219,10 +218,7 @@
# Setup NAT masquerading on external interfaces # Setup NAT masquerading on external interfaces
chain postrouting { chain postrouting {
type nat hook postrouting priority filter; policy accept; type nat hook postrouting priority filter; policy accept;
oifname { "wan" } masquerade oifname { "wan", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade
oifname { "wrwks" } masquerade
oifname { "wg_epicenter" } masquerade
oifname { "wg_ghetto_at" } masquerade
} }
} }
''; '';
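Review bot: The comment `# TODO: disable wan when finished` above the lan/vpn forward rule (second hunk) is stale, because the new rule no longer lists "wan" in its iifname set and the TODO now describes work that is already done. Drop it or replace it with a comment that records the intent, for example `# never add "wan" here: this rule forwards into the internal networks`, so a later edit does not reintroduce the temporary exposure. The same applies to the input rule in the first hunk, whose set continues outside the hunk; a short comment there stating that only internal interfaces belong in the trusted list would help. Since both chains begin outside the visible hunks, it is worth confirming on the router with `nft list ruleset` that no other rule still accepts traffic arriving on "wan".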