Don't blindly trust as211024

2023-12-20 22:59:51 +00:00
parent 0fe863844f
commit e760569b3e
4 changed files with 32 additions and 5 deletions


@@ -311,7 +311,7 @@ in
};
};
firewall = {
trustedInterfaces = [ "lan-hi" "lan-lo" "as211024" ];
trustedInterfaces = [ "lan-hi" "lan-lo" ];
udp.allowed = [ 5353 ];
tcp.allowed = [ 5353 ];
nat = {
@@ -358,8 +358,10 @@ in
}
chain forward {
${lib.my.c.as211024.nftTrust}
iifname lan-untrusted jump filter-untrusted
iifname { wan, lan-untrusted } oifname { lan-hi, lan-lo } jump filter-routing
iifname { wan, as211024, lan-untrusted } oifname { lan-hi, lan-lo } jump filter-routing
oifname as211024 accept
}
chain output { }
}
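Review bot: In `chain forward`, the rule `oifname as211024 accept` (which looks like one of the added lines; the +/- markers are lost on this page) matches on the output interface only. Any packet not already dropped by an earlier rule or by `filter-untrusted` would therefore be forwarded into as211024, including packets arriving on `wan`. If the intent is only to let the local networks reach it, scope the rule by source, e.g. `iifname { lan-hi, lan-lo } oifname as211024 accept`. The result also depends on what `${lib.my.c.as211024.nftTrust}` expands to, which is defined outside this hunk, so a one-line comment above it naming the sources it trusts would make the chain reviewable on its own. The surrounding ruleset starts and ends outside the hunk.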