foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 04:58:01 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

hosts/plover: improve firewall settings for Wireguard service

Browse Source
This commit is contained in:
Gabriel Arazas 2023-06-08 19:52:29 +08:00
parent 316602a35d
commit 29d990f33c
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
hosts/plover/modules/services/wireguard.nix
View File

@ -16,7 +16,16 @@ in
{
environment.systemPackages = [ pkgs.wireguard-tools ];
networking.firewall.allowedUDPPorts = [ wireguardPort ];
networking.firewall = {
# Allow the UDP traffic for the Wireguard service.
allowedUDPPorts = [ wireguardPort ];
# Accept the traffic from the Wireguard interface.
trustedInterfaces = [ wireguardIFName ];
# IP forwarding for specific interfaces.
filterForward = true;
};
systemd.network = {
wait-online.ignoredInterfaces = [ wireguardIFName ];