peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

firewall: Accept all incoming connections from tailscale

Browse Source
This commit is contained in:
Giulio De Pasquale 2023-02-08 08:40:58 +01:00
parent 9aea844ccb
commit 394d0d6b48
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/architect/firewall.nix
View File

@ -157,12 +157,11 @@ in {
ip daddr 255.255.255.255 accept comment "allow broadcast traffic" ip daddr 255.255.255.255 accept comment "allow broadcast traffic"
ip daddr 224.0.0.0/4 accept comment "allow multicast traffic" ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
ip saddr ${lan-net} accept comment "lan > local" ip saddr ${lan-net} accept comment "lan > local"
ip saddr ${tailscale-net} accept comment "tailscale > local"
ip saddr {${lib.concatStringsSep "," gdevices-wg}} accept comment "vpn > local" ip saddr {${lib.concatStringsSep "," gdevices-wg}} accept comment "vpn > local"
iifname ${wan-if} tcp dport {${open_tcp_ports}} accept iifname ${wan-if} tcp dport {${open_tcp_ports}} accept
iifname ${wan-if} udp dport {${open_udp_ports}} accept iifname ${wan-if} udp dport {${open_udp_ports}} accept
iifname ${tailscale-if} tcp dport {${open_tcp_ports_vpn}} accept
iifname ${tailscale-if} udp dport {${open_udp_ports_vpn}} accept
iifname ${vpn-if} tcp dport {${open_tcp_ports_vpn}} accept iifname ${vpn-if} tcp dport {${open_tcp_ports_vpn}} accept
iifname ${vpn-if} udp dport {${open_udp_ports_vpn}} accept iifname ${vpn-if} udp dport {${open_udp_ports_vpn}} accept
iifname ${vpn-if} icmp type echo-request accept iifname ${vpn-if} icmp type echo-request accept