lytedev/nix
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Router

Browse source
This commit is contained in:
Daniel Flanagan 2024-07-17 15:19:41 -05:00
parent 70499bc218
commit 8c140dd3db
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
nixos/router.nix
View file

@ -124,7 +124,7 @@ in {
flags interval flags interval
elements = { fd00::/8, fe80::/10 } elements = { fd00::/8, fe80::/10 }
} }
# maybe tailnet? # TODO: maybe tailnet?
chain my_input_lan { chain my_input_lan {
udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply" udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
@ -153,6 +153,7 @@ in {
iifname "${lan}" accept comment "Allow local network to access the router" iifname "${lan}" accept comment "Allow local network to access the router"
iifname "${wan}" counter drop comment "Drop all other unsolicited traffic from wan" iifname "${wan}" counter drop comment "Drop all other unsolicited traffic from wan"
} }
chain forward { chain forward {
type filter hook forward priority filter; policy drop; type filter hook forward priority filter; policy drop;