
firewall: don't use oifname in input rules

because oifname is empty there; these are input rules for the local machine
Daniel Barlow 2024-12-29 23:17:31 +00:00
parent 48dfbe0c01
commit f2e4e77d73


@ -131,12 +131,12 @@ in {
"iifname int jump input-ip6-lan" "iifname int jump input-ip6-lan"
"iifname ppp0 jump input-ip6-wan" "iifname ppp0 jump input-ip6-wan"
(if allow-incoming (if allow-incoming
then accept "oifname \"int\" iifname \"ppp0\"" then accept "iifname \"ppp0\""
else "oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip6" else "iifname \"ppp0\" jump incoming-allowed-ip6"
) )
# how does this even make sense in an input chain? # how does this even make sense in an input chain?
(accept "oifname \"int\" iifname \"ppp0\" ct state established,related") (accept "iifname \"ppp0\" ct state established,related")
(accept "iifname \"int\" oifname \"ppp0\" ") (accept "iifname \"int\" ")
"log prefix \"DENIED CHAIN=input-ip6 \"" "log prefix \"DENIED CHAIN=input-ip6 \""
]; ];
}; };
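Review bot: Dropping `oifname` from `(accept "iifname \"int\" ")` and from the `allow-incoming` branch turns rules that, per the commit message, could never match into unconditional accepts for traffic addressed to the router itself. With `allow-incoming` set, everything arriving on `ppp0` is now accepted once `input-ip6-wan` returns, and anything from `int` is accepted whatever `input-ip6-lan` declined to accept; this assumes those chains fall through rather than end in a drop, which is not visible here. The in-file comment already suspects these are forward-chain rules, so the safer change is probably to delete them from this chain and keep only `(accept "ct state established,related")`, leaving LAN/WAN policy to the two jumped chains. The chain's opening lines and its default policy are outside the hunk, so what happens after the `log prefix` rule could not be checked.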