Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

try some fw stuff

Browse source
This commit is contained in:
Dominik Polakovics Polakovics 2023-12-01 00:13:21 +01:00
parent 83ac3fea42
commit addb063cee
2 changed files with 25 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

8
hosts/fw.cloonar.com/modules/firewall.nix
View file

@ -52,10 +52,14 @@
# Allow returning traffic from wg_cloonar and drop everthing else
iifname "wg_cloonar" ct state { established, related } counter accept
iifname "wg_cloonar" drop
iifname "wan" ct state { established, related } accept comment "Allow established traffic"
iifname "wan" icmp type { echo-request, destination-unreachable, time-exceeded } counter accept comment "Allow select ICMP"
iifname "wan" counter drop comment "Drop all other unsolicited traffic from wan"
}
chain forward {
type filter hook forward priority filter; policy accept;
type filter hook forward priority filter; policy drop;
# enable flow offloading for better throughput
# ip protocol { tcp, udp } flow offload @f
@ -87,7 +91,7 @@
"multimedia",
"smart",
"wg_cloonar",
} ct state established,related counter accept comment "Allow established back to LANs"
} ct state { established, related } counter accept comment "Allow established back to LANs"
}
}