From ecf40fb2dba176ba05a1c4c1dee3f335202270aa Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq
Date: Tue, 15 Oct 2024 21:27:43 +0800
Subject: [PATCH] nixbld: fix firewall issue with incoming USA tunnel connections
---
 nixbld-etc-nixos/configuration.nix | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index d3ddade..64912ba 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -94,6 +94,14 @@ in
 allowedUDPPorts = [ 53 67 500 4500 ];
 trustedInterfaces = [ netifLan ];
 logRefusedConnections = false;
+ extraCommands = ''
+ iptables -A INPUT -s 5.78.86.156 -p gre -j ACCEPT
+ iptables -A INPUT -s 5.78.86.156 -p ah -j ACCEPT
+ '';
+ extraStopCommands = ''
+ iptables -D INPUT -s 5.78.86.156 -p gre -j ACCEPT
+ iptables -D INPUT -s 5.78.86.156 -p ah -j ACCEPT
+ '';
 };
 useDHCP = false;
 interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off
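Review bot: The two `iptables -D` lines in extraStopCommands exit non-zero whenever the rule is not present, which is what happens if the stop script runs after a failed or interrupted start; the usual NixOS idiom is to tolerate that, e.g. `iptables -D INPUT -s 5.78.86.156 -p gre -j ACCEPT 2>/dev/null || true` (and the same for the `-p ah` line). The peer address is repeated four times with no explanation of what it is or why GRE and AH in particular are opened; since the hunk header shows an `in`, binding it once in the file's `let` block, e.g. `usaTunnelPeer = "5.78.86.156"; # remote endpoint of the USA tunnel (GRE, presumably protected by IPsec AH)`, and interpolating `${usaTunnelPeer}` in the four rules would document the intent and keep the start and stop rules in sync. These rules admit GRE from that address on source IP alone, so the GRE payload is only as trustworthy as the AH protection wrapping it; if that is the design, the comment should say so. The enclosing `firewall = { … }` attribute set begins before the hunk.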