forked from dan/liminix

firewall: don't use oifname in input rules

because oifname is empty there: these are input rules for the local machine
Daniel Barlow 2024-12-29 23:17:31 +00:00
parent 48dfbe0c01
commit f2e4e77d73


@ -131,12 +131,12 @@ in {
"iifname int jump input-ip6-lan"
"iifname ppp0 jump input-ip6-wan"
(if allow-incoming
then accept "oifname \"int\" iifname \"ppp0\""
else "oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip6"
then accept "iifname \"ppp0\""
else "iifname \"ppp0\" jump incoming-allowed-ip6"
)
# how does this even make sense in an input chain?
(accept "oifname \"int\" iifname \"ppp0\" ct state established,related")
(accept "iifname \"int\" oifname \"ppp0\" ")
(accept "iifname \"ppp0\" ct state established,related")
(accept "iifname \"int\" ")
"log prefix \"DENIED CHAIN=input-ip6 \""
];
};
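Review bot: With `oifname` gone, `accept "iifname \"ppp0\""` (the allow-incoming branch) and `accept "iifname \"int\" "` are no longer rules that can never match. They now accept every IPv6 packet addressed to the router itself on those interfaces, once the jumps to input-ip6-wan and input-ip6-lan have returned. The old `oifname "int"` match suggests allow-incoming and incoming-allowed-ip6 were meant for traffic forwarded to LAN hosts, so the allow-incoming pair and the blanket `iifname "int"` accept probably belong only in the forward chain and should be deleted here rather than widened, keeping just the `ct state established,related` accept. Going by the hunk's line counts, the comment `# how does this even make sense in an input chain?` stays as context and should be dropped or replaced with a line saying what the input chain is meant to admit. The rule list begins above the hunk, so the chain's policy and earlier rules are not visible from here.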