simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

shinobu/router: Clean up nftables rules

Browse source
This commit is contained in:
Simon Bruder 2023-09-21 12:59:12 +02:00
parent 9c42cb0903
commit 8a1724fe43
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
1 changed files with 1 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
machines/shinobu/services/router.nix
View file

@ -73,6 +73,7 @@ in
iifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu iifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu
oifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu oifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu
# allow traffic between lan and wan
iifname $NAT_LAN_IFACES oifname $NAT_WAN_IFACES counter accept iifname $NAT_LAN_IFACES oifname $NAT_WAN_IFACES counter accept
iifname $NAT_WAN_IFACES oifname $NAT_LAN_IFACES ct state established,related counter accept iifname $NAT_WAN_IFACES oifname $NAT_LAN_IFACES ct state established,related counter accept
@ -90,10 +91,6 @@ in
} }
table inet nat { table inet nat {
chain prerouting {
type nat hook prerouting priority filter; policy accept
}
chain postrouting { chain postrouting {
type nat hook postrouting priority filter; policy accept type nat hook postrouting priority filter; policy accept
oifname $MASQUERADE_IFACES masquerade oifname $MASQUERADE_IFACES masquerade