Stop rejecting packages from the tunnel
It appears that the firewall rejects packets before they are unwrapped to GRE.
Signed-off-by: Egor Savkin <es@m-labs.hk>
parent
4d7e836f07
commit
60903e955f
|
@ -92,8 +92,14 @@ in
|
|||
firewall = {
|
||||
allowedTCPPorts = [ 53 80 443 2222 7402 ];
|
||||
allowedUDPPorts = [ 53 67 500 4500 ];
|
||||
trustedInterfaces = [ netifLan netifUSA ];
|
||||
trustedInterfaces = [ netifLan ];
|
||||
logRefusedConnections = false;
|
||||
extraCommands = ''
|
||||
iptables -A INPUT -s 5.78.86.156 -p gre -j ACCEPT
|
||||
iptables -A INPUT -s 5.78.86.156 -p ah -j ACCEPT
|
||||
iptables -A OUTPUT -d 5.78.86.156 -p gre -j ACCEPT
|
||||
iptables -A OUTPUT -d 5.78.86.156 -p ah -j ACCEPT
|
||||
'';
|
||||
};
|
||||
useDHCP = false;
|
||||
interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off
|
||||
|
|
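Review bot: The four rules in `extraCommands` are appended to the built-in `INPUT` and `OUTPUT` chains, which the NixOS firewall does not appear to flush on reload, so each reload will likely leave another copy behind. The firewall's own chain is the safer place, e.g. `iptables -A nixos-fw -s 5.78.86.156 -p gre -j nixos-fw-accept` and the same for `-p ah`; the two `OUTPUT` rules look redundant, since nothing visible here filters outbound traffic. The `-p gre` rule matches on source address alone, so it also admits GRE that never passed through the AH layer unless the IPsec policy rejects that elsewhere; adding `-m policy --dir in --pol ipsec` to that rule would limit it to decapsulated packets. A short comment above the rules naming the peer and why GRE and AH need an explicit accept would help the next reader. The attribute set that contains `firewall` starts and ends outside the hunk.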