caandt/nix-conf
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

wireguard firewall settings

Browse source
This commit is contained in:
caandt 2024-11-25 01:50:23 -06:00
parent 55903a2242
commit 046f061657
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
hosts/hyuganatsu/default.nix
View file

@ -36,4 +36,15 @@
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="usb", DRIVERS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c547", ATTR{power/wakeup}="disabled"
'';
networking.firewall = {
logReversePathDrops = true;
extraCommands = ''
ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
'';
extraStopCommands = ''
ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
'';
};
}