lytedev
/
router
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add factorio

This commit is contained in:
Daniel Flanagan 2022-03-02 11:32:50 -06:00
parent 3e2311d4f6
commit 944fdb581b
2 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
etc-hosts
View File

@ -32,6 +32,7 @@
10.0.0.210 greenroof.house
10.0.0.10 ranch-talk.h.lyte.dev
10.0.0.210 ranch-talk.h.lyte.dev
10.0.0.244 ourcraft.lyte.dev
10.0.0.244 factorio.lyte.dev

19
nftables.conf
View File

@ -13,7 +13,7 @@ table inet filter {
ip protocol icmp accept
meta l4proto ipv6-icmp accept
# do these need ipv6-specific entries, too?
tcp dport { 51821, 22, 2200, 2221, 2222, 25565 } accept comment "globally allowed ipv6 ports"
tcp dport { 51821, 22, 2201, 2221, 25565 } accept comment "globally allowed ipv6 ports"
udp dport { 51821, 51820, 546, 53, 67 } accept comment "allow dhcpv6-client, dns, dhcp, and wireguard"
udp dport { 60000-60009 } accept comment "allow mosh common ports"
drop
@ -43,18 +43,19 @@ table ip nat {
iifname $LAN accept
# faceless
# allow HTTP, HTTPS, gitea's SSH, and host ssh to faceless
iifname $WAN tcp dport { 443, 80, 2222, 2200 } dnat to 10.0.0.210
# allow HTTP, HTTPS, and ssh to faceless
iifname $WAN tcp dport { 443, 80, 22 } dnat to 10.0.0.210
# allow mosh
iifname $WAN udp dport 60010-60019 dnat to 10.0.0.210
# allow host ssh
iifname $WAN tcp dport { 2221, 5588, 5555 } dnat to 10.0.0.10
# allow host ssh plus some stuff for the ranch talk
iifname $WAN tcp dport { 2221, 5588, 5589 } dnat to 10.0.0.10
# allow mosh
iifname $WAN udp dport 60020-60029 dnat to 10.0.0.10
# ourcraft
iifname $WAN tcp dport { 25565 } dnat to 10.0.0.244
iifname $WAN tcp dport { 25565, 34197 } dnat to 10.0.0.244
iifname $WAN udp dport { 25565, 34197 } dnat to 10.0.0.244
}
}
@ -95,9 +96,9 @@ table ip6 io.systemd.nat {
# icmpv6 accept
# icmp accept
meta l4proto ipv6-icmp accept
tcp dport { 51821, 2200, 2221, 2222, 25565 } accept comment "globally allowed ipv6 ports"
udp dport { 51821, 51820, 546, 53, 67 } accept comment "allow dhcpv6-client, dns, dhcp, and wireguard"
udp dport { 60000-60009 } accept comment "allow mosh common ports"
tcp dport { 51821, 22, 2201, 2221, 25565, 34197 } accept comment "globally allowed ipv6 ports"
udp dport { 51821, 51820, 546, 53, 67, 25565, 34197 } accept comment "allow dhcpv6-client, dns, dhcp, and wireguard"
# udp dport { 60000-60009 } accept comment "allow mosh common ports"
drop
}