foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 04:58:01 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

hosts/plover: update Wireguard firewall rules

Browse Source
This commit is contained in:
Gabriel Arazas 2023-06-13 13:20:00 +08:00
parent 9f91d78294
commit 805ef47f70
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hosts/plover/modules/services/wireguard.nix
View File

@ -24,15 +24,19 @@ in
# IP forwarding for specific interfaces. # IP forwarding for specific interfaces.
filterForward = true; filterForward = true;
extraForwardRules = '' extraForwardRules = ''
iifname ${wireguardIFName} oifname ${lanIFName} accept comment "IP forward from Wireguard interface to LAN" iifname ${wireguardIFName} accept comment "IP forward from Wireguard interface to LAN"
''; '';
}; };
networking.nftables.ruleset = '' networking.nftables.ruleset = ''
table ip wireguard-${wireguardIFName} { table ip wireguard-${wireguardIFName} {
chain prerouting {
type nat hook prerouting priority filter; policy accept;
}
chain postrouting { chain postrouting {
type nat hook postrouting priority srcnat; policy accept; type nat hook postrouting priority srcnat; policy accept;
iifname ${wireguardIFName} oifname ${lanIFName} masquerade comment "Masquerade packets from Wireguard interface to LAN" iifname ${wireguardIFName} snat to ip ${interfaces.internal.IPv4.address} comment "Make packets from Wireguard interface appear as coming from the LAN interface"
} }
} }
''; '';