try only wan masquerade

2023-11-30 22:57:58 +01:00
parent 4d38581dad
commit 9810882b95
1 changed files with 3 additions and 2 deletions
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -65,7 +65,7 @@

            # lan and vpn to any
            # TODO: disable wan when finished
-            iifname { "wan", "lan", "wg_cloonar" } oifname { "lan", "wg_cloonar", "server", "multimedia", "smart", "wrwks", "wg_epicenter", "wg_ghetto_at" } counter accept
+            iifname { "wan", "lan", "wg_cloonar" } oifname { "lan", "server", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept

            # Allow trusted network WAN access
            iifname {
@@ -99,7 +99,8 @@
          # Setup NAT masquerading on the ppp0 interface
          chain postrouting {
            type nat hook postrouting priority filter; policy accept;
-            oifname { "wan", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade
+            # oifname { "wan", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade
+            oifname { "wan" } masquerade
          }
        }
      '';