From 94fcee359ad720aeb4a87951e887c92571b3cdb0 Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Fri, 8 Sep 2023 13:08:43 +0200 Subject: [PATCH] shinobu/router: Reduce semicolon usage Only use it where it is necessary --- machines/shinobu/services/router.nix | 32 +++++++++++++++------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/machines/shinobu/services/router.nix b/machines/shinobu/services/router.nix index 7013278..ecc2cef 100644 --- a/machines/shinobu/services/router.nix +++ b/machines/shinobu/services/router.nix @@ -66,7 +66,7 @@ in table inet filter { chain forward { - type filter hook forward priority filter; policy drop; + type filter hook forward priority filter; policy drop # Use MSS clamping # to avoid too large packets from client on the lan 
@@ -74,38 +74,40 @@ in iifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu oifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu - iifname $NAT_LAN_IFACES oifname $NAT_WAN_IFACES counter accept; - iifname $NAT_WAN_IFACES oifname $NAT_LAN_IFACES ct state established,related counter accept; + iifname $NAT_LAN_IFACES oifname $NAT_WAN_IFACES counter accept + iifname $NAT_WAN_IFACES oifname $NAT_LAN_IFACES ct state established,related counter accept # plastic router - iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip daddr $PLASTIC_ROUTER_V4 counter accept; - iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip saddr $PLASTIC_ROUTER_V4 ct state established,related counter accept; + iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip daddr $PLASTIC_ROUTER_V4 counter accept + iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip saddr $PLASTIC_ROUTER_V4 ct state established,related counter accept - iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip daddr $VUEKO_V4 udp dport $VUEKO_PORT counter accept; - iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip saddr $VUEKO_V4 udp sport $VUEKO_PORT ct state established,related counter accept; - iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip6 daddr $VUEKO_V6 udp dport $VUEKO_PORT counter accept; - iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip6 saddr $VUEKO_V6 udp sport $VUEKO_PORT ct state established,related counter accept; + iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip daddr $VUEKO_V4 udp dport $VUEKO_PORT counter accept + iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip saddr $VUEKO_V4 udp sport $VUEKO_PORT ct state established,related counter accept + iifname $NAT_LAN_IFACES oifname $PHYSICAL_WAN ip6 daddr $VUEKO_V6 udp dport $VUEKO_PORT counter accept + iifname $PHYSICAL_WAN oifname $NAT_LAN_IFACES ip6 saddr $VUEKO_V6 udp sport $VUEKO_PORT ct state established,related counter accept } } table inet nat { chain prerouting { - type nat hook prerouting priority filter; policy accept; + 
type nat hook prerouting priority filter; policy accept } chain postrouting { - type nat hook postrouting priority filter; policy accept; - oifname $MASQUERADE_IFACES masquerade; + type nat hook postrouting priority filter; policy accept + oifname $MASQUERADE_IFACES masquerade } } table inet mangle { chain output { - type route hook output priority mangle; + type route hook output priority mangle # Add fwmark noVpnMark to packets to vueko, so it will get routed correctly - ip daddr $VUEKO_V4 udp dport $VUEKO_PORT mark set ${toString noVpnFwMark} counter; - ip6 daddr $VUEKO_V6 udp dport $VUEKO_PORT mark set ${toString noVpnFwMark} counter; + ip daddr $VUEKO_V4 udp dport $VUEKO_PORT mark set ${toString noVpnFwMark} counter + ip6 daddr $VUEKO_V6 udp dport $VUEKO_PORT mark set ${toString noVpnFwMark} counter + } + } } } '';
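Review bot: The end of this hunk adds two `}` lines after the mangle `chain output` rules while the two closing braces that were already there remain as context, which is not part of the semicolon cleanup the commit message describes. From the visible lines the new side closes `table inet mangle { chain output {` with four braces; unless an opener outside the hunk was previously left unclosed, the ruleset is now unbalanced and nft would presumably refuse to load it, which matters on a router because the `policy drop` forward chain and the masquerade rule live in the same string. I would drop the two added `}` lines, or say in the commit message which block they close, and run the rendered ruleset through `nft -c -f <rendered-ruleset-file>` before deploying. The enclosing Nix string starts outside the hunk, so the brace balance cannot be fully confirmed from here.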