nixbld: allow routing between wifi and LAN

This commit is contained in:
Sébastien Bourdeauducq 2024-05-06 10:57:33 +08:00
parent 2cd3ae1337
commit 4c7f35bc75

View File

@ -169,11 +169,6 @@ in
{ sourcePort = 2204; destination = "192.168.1.204:22"; proto = "tcp"; } { sourcePort = 2204; destination = "192.168.1.204:22"; proto = "tcp"; }
]; ];
extraCommands = '' extraCommands = ''
iptables -w -N block-lan-from-wifi
iptables -w -A block-lan-from-wifi -i ${netifLan} -o ${netifWifi} -j DROP
iptables -w -A block-lan-from-wifi -i ${netifWifi} -o ${netifLan} -j DROP
iptables -w -A FORWARD -j block-lan-from-wifi
iptables -w -N block-insecure-devices iptables -w -N block-insecure-devices
iptables -w -A block-insecure-devices -m mac --mac-source 00:20:0c:6c:ee:ba -j DROP # keysight SA iptables -w -A block-insecure-devices -m mac --mac-source 00:20:0c:6c:ee:ba -j DROP # keysight SA
iptables -w -A block-insecure-devices -m mac --mac-source 74:5b:c5:20:c1:5f -j DROP # siglent scope iptables -w -A block-insecure-devices -m mac --mac-source 74:5b:c5:20:c1:5f -j DROP # siglent scope
@ -187,10 +182,6 @@ in
iptables -w -A FORWARD -j block-insecure-devices iptables -w -A FORWARD -j block-insecure-devices
''; '';
extraStopCommands = '' extraStopCommands = ''
iptables -w -D FORWARD -j block-lan-from-wifi 2>/dev/null|| true
iptables -w -F block-lan-from-wifi 2>/dev/null|| true
iptables -w -X block-lan-from-wifi 2>/dev/null|| true
iptables -w -D FORWARD -j block-insecure-devices 2>/dev/null|| true iptables -w -D FORWARD -j block-insecure-devices 2>/dev/null|| true
iptables -w -F block-insecure-devices 2>/dev/null|| true iptables -w -F block-insecure-devices 2>/dev/null|| true
iptables -w -X block-insecure-devices 2>/dev/null|| true iptables -w -X block-insecure-devices 2>/dev/null|| true