dan/liminix
1
0
Fork 5
Code

apply incoming-allowed-ip[46] rules to input as well as forward pkts

Browse Source 
this makes it possible to open ports on the router itself
This commit is contained in:
Daniel Barlow 2024-10-10 18:18:23 +01:00
parent e383f1b3d3
commit 5112eab4da
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/firewall/default-rules.nix
View File

@ -90,7 +90,7 @@ in {
# accept inbound from the WAN # accept inbound from the WAN
(if allow-incoming (if allow-incoming
then accept "oifname \"int\" iifname \"ppp0\"" then accept "oifname \"int\" iifname \"ppp0\""
else "oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip6" else "iifname \"ppp0\" jump incoming-allowed-ip6"
) )
# allow all outbound and any inbound that's part of a # allow all outbound and any inbound that's part of a
# recognised (outbound-initiated) flow # recognised (outbound-initiated) flow
@ -210,7 +210,7 @@ in {
"icmp type { echo-request, echo-reply } accept" "icmp type { echo-request, echo-reply } accept"
"iifname int jump input-ip4-lan" "iifname int jump input-ip4-lan"
"iifname ppp0 jump input-ip4-wan" "iifname ppp0 jump input-ip4-wan"
"oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip4" "iifname ppp0 jump incoming-allowed-ip4"
"ct state established,related accept" "ct state established,related accept"
"log prefix \"DENIED CHAIN=input-ip4 \"" "log prefix \"DENIED CHAIN=input-ip4 \""
]; ];