Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add vserver interface to fw

Browse source
This commit is contained in:
Dominik Polakovics Polakovics 2023-12-03 21:29:52 +01:00
parent bae3bb97fd
commit 75daf49c98
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
hosts/fw.cloonar.com/modules/firewall.nix
View file

@ -72,6 +72,7 @@
"lan", "lan",
"podman0", "podman0",
"server", "server",
"vserver",
"infrastructure", "infrastructure",
"wg_cloonar", "wg_cloonar",
"smart", "smart",
@ -81,6 +82,7 @@
"lan", "lan",
"podman0", "podman0",
"server", "server",
"vserver",
"infrastructure", "infrastructure",
"wg_cloonar", "wg_cloonar",
"smart", "smart",
@ -111,14 +113,15 @@
# lan and vpn to any # lan and vpn to any
# TODO: disable wan when finished # TODO: disable wan when finished
iifname { "wan", "lan", "server", "podman0", "wg_cloonar" } oifname { "lan", "server", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept iifname { "wan", "lan", "server", "vserver", "podman0", "wg_cloonar" } oifname { "lan", "server", "vserver", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
iifname { "infrastructure" } oifname { "podman0", "server" } counter accept iifname { "infrastructure" } oifname { "podman0", "server", "vserver" } counter accept
# Allow trusted network WAN access # Allow trusted network WAN access
iifname { iifname {
"lan", "lan",
"infrastructure", "infrastructure",
"server", "server",
"vserver",
"podman0", "podman0",
"multimedia", "multimedia",
"smart", "smart",