Add factorio

This commit is contained in:
Daniel Flanagan 2022-03-02 11:32:50 -06:00
parent 3e2311d4f6
commit 944fdb581b
2 changed files with 12 additions and 10 deletions

View file

@ -32,6 +32,7 @@
10.0.0.210 greenroof.house 10.0.0.210 greenroof.house
10.0.0.10 ranch-talk.h.lyte.dev 10.0.0.210 ranch-talk.h.lyte.dev
10.0.0.244 ourcraft.lyte.dev 10.0.0.244 ourcraft.lyte.dev
10.0.0.244 factorio.lyte.dev

View file

@ -13,7 +13,7 @@ table inet filter {
ip protocol icmp accept ip protocol icmp accept
meta l4proto ipv6-icmp accept meta l4proto ipv6-icmp accept
# do these need ipv6-specific entries, too? # do these need ipv6-specific entries, too?
tcp dport { 51821, 22, 2200, 2221, 2222, 25565 } accept comment "globally allowed ipv6 ports" tcp dport { 51821, 22, 2201, 2221, 25565 } accept comment "globally allowed ipv6 ports"
udp dport { 51821, 51820, 546, 53, 67 } accept comment "allow dhcpv6-client, dns, dhcp, and wireguard" udp dport { 51821, 51820, 546, 53, 67 } accept comment "allow dhcpv6-client, dns, dhcp, and wireguard"
udp dport { 60000-60009 } accept comment "allow mosh common ports" udp dport { 60000-60009 } accept comment "allow mosh common ports"
drop drop
@ -43,18 +43,19 @@ table ip nat {
iifname $LAN accept iifname $LAN accept
# faceless # faceless
# allow HTTP, HTTPS, gitea's SSH, and host ssh to faceless # allow HTTP, HTTPS, and ssh to faceless
iifname $WAN tcp dport { 443, 80, 2222, 2200 } dnat to 10.0.0.210 iifname $WAN tcp dport { 443, 80, 22 } dnat to 10.0.0.210
# allow mosh # allow mosh
iifname $WAN udp dport 60010-60019 dnat to 10.0.0.210 iifname $WAN udp dport 60010-60019 dnat to 10.0.0.210
# allow host ssh # allow host ssh plus some stuff for the ranch talk
iifname $WAN tcp dport { 2221, 5588, 5555 } dnat to 10.0.0.10 iifname $WAN tcp dport { 2221, 5588, 5589 } dnat to 10.0.0.10
# allow mosh # allow mosh
iifname $WAN udp dport 60020-60029 dnat to 10.0.0.10 iifname $WAN udp dport 60020-60029 dnat to 10.0.0.10
# ourcraft # ourcraft
iifname $WAN tcp dport { 25565 } dnat to 10.0.0.244 iifname $WAN tcp dport { 25565, 34197 } dnat to 10.0.0.244
iifname $WAN udp dport { 25565, 34197 } dnat to 10.0.0.244
} }
} }
@ -95,9 +96,9 @@ table ip6 io.systemd.nat {
# icmpv6 accept # icmpv6 accept
# icmp accept # icmp accept
meta l4proto ipv6-icmp accept meta l4proto ipv6-icmp accept
tcp dport { 51821, 2200, 2221, 2222, 25565 } accept comment "globally allowed ipv6 ports" tcp dport { 51821, 22, 2201, 2221, 25565, 34197 } accept comment "globally allowed ipv6 ports"
udp dport { 51821, 51820, 546, 53, 67 } accept comment "allow dhcpv6-client, dns, dhcp, and wireguard" udp dport { 51821, 51820, 546, 53, 67, 25565, 34197 } accept comment "allow dhcpv6-client, dns, dhcp, and wireguard"
udp dport { 60000-60009 } accept comment "allow mosh common ports" # udp dport { 60000-60009 } accept comment "allow mosh common ports"
drop drop
} }