diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index 07f6d33..e358601 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -92,8 +92,14 @@ in
 firewall = {
 allowedTCPPorts = [ 53 80 443 2222 7402 ];
 allowedUDPPorts = [ 53 67 500 4500 ];
- trustedInterfaces = [ netifLan netifUSA ];
+ trustedInterfaces = [ netifLan ];
 logRefusedConnections = false;
+ extraCommands = ''
+ iptables -A INPUT -s 5.78.86.156 -p gre -j ACCEPT
+ iptables -A INPUT -s 5.78.86.156 -p ah -j ACCEPT
+ iptables -A OUTPUT -d 5.78.86.156 -p gre -j ACCEPT
+ iptables -A OUTPUT -d 5.78.86.156 -p ah -j ACCEPT
+ '';
 };
 useDHCP = false;
 interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off
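Review bot: The four rules in `extraCommands` append to the built-in `INPUT` and `OUTPUT` chains, which the NixOS firewall script does not appear to flush on reload (it rebuilds only its own `nixos-fw*` chains), so each reload would add duplicates and the accepts would outlive their removal from this file. Prefer the managed chain, e.g. `iptables -A nixos-fw -s 5.78.86.156 -p gre -j nixos-fw-accept` and the same for `-p ah`, or pair the rules with matching `-D` lines in `extraStopCommands`. The `OUTPUT` rules look redundant unless an OUTPUT policy is set outside this hunk; the surrounding attribute set starts before the visible lines, so that cannot be checked here. The GRE accept is also keyed on source address alone, so if GRE is meant to arrive only under AH protection, adding `-m policy --dir in --pol ipsec` to that rule would keep spoofed, unprotected GRE from being accepted; confirm against the tunnel configuration.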