From 4ca9ef4e73a85976f6b3ee7efcdba61b400fd4d2 Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq
Date: Fri, 23 Sep 2022 11:02:56 +0800
Subject: [PATCH] aux: block insecure devices
---
 aux-etc-nixos/configuration.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/aux-etc-nixos/configuration.nix b/aux-etc-nixos/configuration.nix
index 023756ec..c0f62084 100644
--- a/aux-etc-nixos/configuration.nix
+++ b/aux-etc-nixos/configuration.nix
@@ -89,11 +89,20 @@ in
 iptables -w -A block-lan-from-wifi -i ${netifLan} -o ${netifWifi} -j DROP
 iptables -w -A block-lan-from-wifi -i ${netifWifi} -o ${netifLan} -j DROP
 iptables -w -A FORWARD -j block-lan-from-wifi
+
+ iptables -w -N block-insecure-devices
+ iptables -w -A block-insecure-devices -m mac --mac-source 00:20:0c:6c:ee:ba -j DROP # keysight SA
+ iptables -w -A block-insecure-devices -m mac --mac-source 74:5b:c5:20:c1:5f -j DROP # siglent scope
+ iptables -w -A FORWARD -j block-insecure-devices
 '';
 extraStopCommands = ''
 iptables -w -D FORWARD -j block-lan-from-wifi 2>/dev/null|| true
 iptables -w -F block-lan-from-wifi 2>/dev/null|| true
 iptables -w -X block-lan-from-wifi 2>/dev/null|| true
+
+ iptables -w -D FORWARD -j block-insecure-devices 2>/dev/null|| true
+ iptables -w -F block-insecure-devices 2>/dev/null|| true
+ iptables -w -X block-insecure-devices 2>/dev/null|| true
 '';
 };
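Review bot: The two `--mac-source` DROP rules in block-insecure-devices only filter IPv4 packets sent by the instruments, so packets addressed to them from other segments are still forwarded and any IPv6 forwarding on this router is untouched. If the goal is to isolate the analyzer and the scope rather than only stop them from reaching out, the chain also needs a destination-side match (by their IP addresses, which presumes fixed leases) and an `ip6tables` mirror of the same rules and of the three stop commands. The jump is appended with `-A FORWARD`, so it only takes effect if no earlier FORWARD rule has already accepted the packet; the rest of that chain is outside this hunk, so the ordering should be checked or the jump placed with `-I FORWARD`. At minimum a comment such as `# drops IPv4 traffic originating from these MACs only; inbound and IPv6 are not filtered` would document the scope.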