M-Labs/it-infra
M-Labs
/
it-infra
8
0
Fork 5
Code Issues 10 Pull Requests 1 Releases Wiki Activity

nixbld: fix firewall issue with incoming USA tunnel connections

This commit is contained in:
Sebastien Bourdeauducq 2024-10-15 21:27:43 +08:00
parent 34102e66ad
commit ecf40fb2db
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
nixbld-etc-nixos/configuration.nix
View File

@ -94,6 +94,14 @@ in
allowedUDPPorts = [ 53 67 500 4500 ]; allowedUDPPorts = [ 53 67 500 4500 ];
trustedInterfaces = [ netifLan ]; trustedInterfaces = [ netifLan ];
logRefusedConnections = false; logRefusedConnections = false;
extraCommands = ''
iptables -A INPUT -s 5.78.86.156 -p gre -j ACCEPT
iptables -A INPUT -s 5.78.86.156 -p ah -j ACCEPT
'';
extraStopCommands = ''
iptables -D INPUT -s 5.78.86.156 -p gre -j ACCEPT
iptables -D INPUT -s 5.78.86.156 -p ah -j ACCEPT
'';
}; };
useDHCP = false; useDHCP = false;
interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off