newell
/
nix-scripts
forked from M-Labs/nix-scripts
1
0
Fork 0
Code Pull Requests Activity

nixbld: isolate wifi network. Closes #20

This commit is contained in:
Sebastien Bourdeauducq 2019-10-15 19:42:26 +08:00
parent dd490121b6
commit e89afabdfb
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
nixbld-etc-nixos/configuration.nix
View File

@ -55,6 +55,17 @@ in
enable = true; enable = true;
externalInterface = netifWan; externalInterface = netifWan;
internalInterfaces = [ netifLan netifWifi ]; internalInterfaces = [ netifLan netifWifi ];
extraCommands = ''
iptables -w -N block-lan-from-wifi
iptables -w -A block-lan-from-wifi -i ${netifLan} -o ${netifWifi} -j DROP
iptables -w -A block-lan-from-wifi -i ${netifWifi} -o ${netifLan} -j DROP
iptables -w -A FORWARD -j block-lan-from-wifi
'';
extraStopCommands = ''
iptables -w -D FORWARD -j block-lan-from-wifi 2>/dev/null|| true
iptables -w -F block-lan-from-wifi 2>/dev/null|| true
iptables -w -X block-lan-from-wifi 2>/dev/null|| true
'';
}; };
sits."${netifSit}" = { sits."${netifSit}" = {
dev = netifWan; dev = netifWan;