Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

change firewall

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2023-12-06 20:33:47 +01:00
parent 9ced007c27
commit c8ebc7eff5
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
hosts/fw.cloonar.com/modules/firewall.nix
View File

@@ -131,7 +131,7 @@
"wg_cloonar" "wg_cloonar"
} counter accept } counter accept
# Allow networks to access the dns and dhcp # Allow networks to access dhcp
iifname { iifname {
"lan", "lan",
"server", "server",
@@ -146,8 +146,6 @@
# iifname "multimedia" ip saddr <chromecast IP> tcp dport { llmnr } counter accept # iifname "multimedia" ip saddr <chromecast IP> tcp dport { llmnr } counter accept
# iifname "multimedia" ip saddr <chromecast IP> udp dport { mdns, llmnr } counter accept # iifname "multimedia" ip saddr <chromecast IP> udp dport { mdns, llmnr } counter accept
# Accept web to git server
iifname "wan" oifname "server" ip daddr 10.42.97.50 tcp dport { 22, 80, 443 } counter accept
# Allow returning traffic from wg_cloonar and drop everthing else # Allow returning traffic from wg_cloonar and drop everthing else
iifname "wg_cloonar" ct state { established, related } counter accept iifname "wg_cloonar" ct state { established, related } counter accept
@@ -180,6 +178,12 @@
# multimedia airplay # multimedia airplay
iifname "multimedia" oifname { "lan" } counter accept iifname "multimedia" oifname { "lan" } counter accept
# Forward to git server
oifname "server" ip daddr 10.42.97.50 tcp dport { 22, 80, 443 } counter accept
# Forward to dns server
oifname "server" ip daddr 10.42.97.10 udp dport { 53 } accept
# lan and vpn to any # lan and vpn to any
# TODO: disable wan when finished # TODO: disable wan when finished
oifname { "server" } ip daddr 10.42.97.10 udp dport { 53 } accept oifname { "server" } ip daddr 10.42.97.10 udp dport { 53 } accept