Stop rejecting packages from the tunnel

It appears that the firewall rejects packets before they are unwrapped to GRE.

Signed-off-by: Egor Savkin <es@m-labs.hk>
Egor Savkin 2024-10-10 12:37:15 +08:00
parent 4d7e836f07
commit 60903e955f
1 changed files with 7 additions and 1 deletions


@ -92,8 +92,14 @@ in
firewall = { firewall = {
allowedTCPPorts = [ 53 80 443 2222 7402 ]; allowedTCPPorts = [ 53 80 443 2222 7402 ];
allowedUDPPorts = [ 53 67 500 4500 ]; allowedUDPPorts = [ 53 67 500 4500 ];
trustedInterfaces = [ netifLan netifUSA ]; trustedInterfaces = [ netifLan ];
logRefusedConnections = false; logRefusedConnections = false;
extraCommands = ''
iptables -A INPUT -s 5.78.86.156 -p gre -j ACCEPT
iptables -A INPUT -s 5.78.86.156 -p ah -j ACCEPT
iptables -A OUTPUT -d 5.78.86.156 -p gre -j ACCEPT
iptables -A OUTPUT -d 5.78.86.156 -p ah -j ACCEPT
'';
}; };
useDHCP = false; useDHCP = false;
interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off
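Review bot: The `iptables -A INPUT -s 5.78.86.156 -p gre -j ACCEPT` rule matches on source address alone, so it accepts GRE whether or not it arrived under the AH protection allowed on the next line; if the tunnel is meant to carry GRE only inside IPsec, tie the rule to that with `iptables -A INPUT -s 5.78.86.156 -p gre -m policy --dir in --pol ipsec -j ACCEPT`. The rules are also appended straight to `INPUT`, which the NixOS firewall script does not appear to flush on reload, so they may accumulate on every firewall restart; a matching `extraStopCommands` with `-D`, or appending to `nixos-fw` with `-j nixos-fw-accept`, should avoid that. The two `OUTPUT` rules look like no-ops unless an output policy is set elsewhere in the file. The commit message also does not say why `netifUSA` leaves `trustedInterfaces`, a change that makes decapsulated tunnel traffic subject to the port allow-list. The enclosing attribute set starts and ends outside the hunk.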