esavkin
/
it-infra
forked from M-Labs/it-infra
1
0
Fork 0
Code Pull Requests Activity

nixbld: fix firewall issue with incoming USA tunnel connections

This commit is contained in:
Sebastien Bourdeauducq 2024-10-15 21:27:43 +08:00
parent 34102e66ad
commit ecf40fb2db
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
nixbld-etc-nixos/configuration.nix
View File

@ -94,6 +94,14 @@ in
allowedUDPPorts = [ 53 67 500 4500 ];
trustedInterfaces = [ netifLan ];
logRefusedConnections = false;
extraCommands = ''
iptables -A INPUT -s 5.78.86.156 -p gre -j ACCEPT
iptables -A INPUT -s 5.78.86.156 -p ah -j ACCEPT
'';
extraStopCommands = ''
iptables -D INPUT -s 5.78.86.156 -p gre -j ACCEPT
iptables -D INPUT -s 5.78.86.156 -p ah -j ACCEPT
'';
};
useDHCP = false;
interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off