From 0cbdc22d4efe4136e33caefa378c234b8b81acc7 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Sun, 22 Sep 2024 12:54:37 +0200
Subject: [PATCH] shinobu/router: Add printer vlan
---
 machines/shinobu/services/router/common.nix | 5 +++++
 machines/shinobu/services/router/rules.nft | 3 +++
 2 files changed, 8 insertions(+)
diff --git a/machines/shinobu/services/router/common.nix b/machines/shinobu/services/router/common.nix
index 9b6570e..119c348 100644
--- a/machines/shinobu/services/router/common.nix
+++ b/machines/shinobu/services/router/common.nix
@@ -76,6 +76,11 @@ rec {
 subnet = mkSubnet "10.80.4.0/24" "2001:470:73b9:4::/64";
 domain = "iot.shinonome-lab.de";
 };
+ printer = {
+ id = 41;
+ subnet = mkSubnet "10.80.5.0/24" "2001:470:73b9:5::/64";
+ domain = "printer.shinonome-lab.de";
+ };
 };
 tc = {
 interface = "enp1s0";
diff --git a/machines/shinobu/services/router/rules.nft b/machines/shinobu/services/router/rules.nft
index 953df62..682f87e 100644
--- a/machines/shinobu/services/router/rules.nft
+++ b/machines/shinobu/services/router/rules.nft
@@ -31,6 +31,9 @@ table inet filter {
 iifname $VLAN_BRIDGES oifname "br-lan" ct state established,related counter accept
 iifname $WAN_IFACES oifname "br-iot" ct state established,related counter accept
+
+ iifname "br-printer" oifname "br-lan" ip daddr $STATIC_HOST_fuuko_address4 tcp dport { 21, 30000-30009 } counter accept
+ iifname "br-printer" oifname "br-lan" ip6 daddr $STATIC_HOST_fuuko_address6 tcp dport { 21, 30000-30009 } counter accept
 }
 }
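Review bot: The new `printer` entry has no comment stating the intended trust level of the segment, and adding it to this attrset may do more than define the VLAN. If `$VLAN_BRIDGES` in rules.nft is generated from these entries (not visible here), `br-printer` silently inherits every rule written against that set, including any that grant WAN egress; the subnet also receives a globally routable IPv6 /64. A line such as `# untrusted printer segment: only scan-to-FTP towards fuuko is allowed, see rules.nft` above `printer = {` would record the intent, and it is worth confirming that the generated ruleset gives the segment no broader access than that. The attrset begins and ends outside the hunk.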
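Review bot: The two added accept rules open TCP 21 and 30000-30009 on fuuko to the whole printer VLAN without a comment saying what they are for or where the port range comes from. If this is the passive range for scan-to-FTP (an assumption, the hunk does not say), it has to match the FTP server's passive port configuration on fuuko exactly, because anything else listening in 30000-30009 on that host becomes reachable from the printer segment as well. I would add `# printer scan-to-FTP: control port plus the server's passive range, keep in sync with fuuko's FTP config` above the rules and hoist the set into a single `define PRINTER_FTP_PORTS = { 21, 30000-30009 }` so the IPv4 and IPv6 rules cannot drift apart. FTP is cleartext, so the account the printer logs in with should be a dedicated upload-only one. The enclosing chain starts outside the hunk, so its default policy and the return path towards `br-printer` are not visible here.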