nix-da/modules/networking.nix
Nydragon d89eb790b1
init: flakeify the majority of my config
Remaining point of focus is getting the sway config to work properly
2024-05-13 15:34:22 +09:00


{ pkgs, config, lib, ... }:
let
  # Single inclusive port range, opened for both TCP and UDP below.
  # NOTE(review): 1714-1764 matches the range KDE Connect uses; presumably
  # that is the reason it is open. Confirm, and drop it if unused.
  sharedPortRange = {
    from = 1714;
    to = 1764;
  };
in
{
  # Host firewall: inbound traffic is accepted only on the ports listed here.
  networking.firewall = {
    enable = true;

    # These top-level lists are not tied to one interface. If the services
    # should only be reachable on a trusted network, the same lists can be
    # set under networking.firewall.interfaces.<name> instead.
    allowedTCPPorts = [ ];
    # 51820/udp is the WireGuard port that the rpfilter rules below refer to.
    # NOTE(review): only needed if this host accepts inbound WireGuard
    # handshakes. Confirm against the WireGuard setup.
    allowedUDPPorts = [ 51820 ];
    allowedTCPPortRanges = [ sharedPortRange ];
    allowedUDPPortRanges = [ sharedPortRange ];

    # Log packets dropped by the reverse-path filter; they appear in dmesg.
    logReversePathDrops = true;

    # WireGuard traffic trips the reverse-path filter, see
    # https://nixos.wiki/wiki/WireGuard#Setting_up_WireGuard_with_NetworkManager
    # The rules are inserted (-I) at the head of nixos-fw-rpfilter in the
    # mangle table, so UDP packets with source or destination port 51820
    # RETURN from the chain before its remaining rules run. The match is by
    # port only (no interface or address), so it covers any such UDP packet.
    extraCommands = ''
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
    '';

    # Remove the same two rules when the firewall stops. `|| true` keeps the
    # stop script from failing if a rule is already gone.
    extraStopCommands = ''
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
    '';
  };
}