nydragon/nix-da
1
Fork 0
Code Issues Pull requests Activity Actions 1
nix-da/modules/networking.nix
Nydragon dca42a7462
chore: various changes
2024-06-25 14:30:11 +02:00

43 lines
1.2 KiB
Nix
Raw Blame History

{ ... }:
{
networking = {
networkmanager.enable = true;
firewall =
let
wgPort = 51820;
in
{
enable = true;
# Open ports in the firewall.
allowedTCPPorts = [ ];
allowedUDPPorts = [ wgPort ];
allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = [
{
from = 1714;
to = 1764;
}
];
# if packets are still dropped, they will show up in dmesg
logReversePathDrops = true;
# wireguard trips rpfilter up https://nixos.wiki/wiki/WireGuard#Setting_up_WireGuard_with_NetworkManager
extraCommands = ''
ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${toString wgPort} -j RETURN
ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${toString wgPort} -j RETURN
'';
extraStopCommands = ''
ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${toString wgPort} -j RETURN || true
ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${toString wgPort} -j RETURN || true
'';
};
};
}
Reference in a new issue View git blame Copy permalink