forked from M-Labs/it-infra
nixbld: fix firewall issue with incoming USA tunnel connections
parent
34102e66ad
commit
ecf40fb2db
@ -94,6 +94,14 @@ in
|
|||||||
allowedUDPPorts = [ 53 67 500 4500 ];
|
allowedUDPPorts = [ 53 67 500 4500 ];
|
||||||
trustedInterfaces = [ netifLan ];
|
trustedInterfaces = [ netifLan ];
|
||||||
logRefusedConnections = false;
|
logRefusedConnections = false;
|
||||||
|
extraCommands = ''
|
||||||
|
iptables -A INPUT -s 5.78.86.156 -p gre -j ACCEPT
|
||||||
|
iptables -A INPUT -s 5.78.86.156 -p ah -j ACCEPT
|
||||||
|
'';
|
||||||
|
extraStopCommands = ''
|
||||||
|
iptables -D INPUT -s 5.78.86.156 -p gre -j ACCEPT
|
||||||
|
iptables -D INPUT -s 5.78.86.156 -p ah -j ACCEPT
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off
|
interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off
|
||||||
|
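Review bot: The two ACCEPT rules added in `extraCommands` match only on the source address, so plain GRE claiming to come from 5.78.86.156 is accepted on any interface, whether or not it arrived under IPsec protection. If the GRE tunnel is meant to run inside the IPsec association (the already-open UDP 500/4500 suggest it is, but the page does not show the tunnel config), the GRE rule could be tightened to `iptables -A INPUT -i ${netifWan} -s 5.78.86.156 -p gre -m policy --dir in --pol ipsec -j ACCEPT`, with the matching `-D` line in `extraStopCommands`. Appending to `INPUT` rather than the NixOS-managed `nixos-fw` chain also makes cleanup depend on `extraStopCommands` running. If the start script is ever re-run without the stop script the rules would presumably be duplicated, and a `-D` on a rule that is not present returns an error, so `|| true` on the two delete lines is worth adding. The peer address is repeated four times and would be easier to audit if bound once in the enclosing `let`, which starts outside this hunk.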