diff options
| author | Alan Pearce | 2024-08-31 15:24:51 +0200 |
|---|---|---|
| committer | Alan Pearce | 2024-08-31 15:24:51 +0200 |
| commit | b843fd83a9cecd9a12647056d48bc5291e965be8 (patch) | |
| tree | 89fef60a09c432838a9d83cfddb18df335a0428d | |
| parent | 363ebe26af3d0ee62dc6b1334b453d74d71aa221 (diff) | |
| download | nixfiles-b843fd83a9cecd9a12647056d48bc5291e965be8.tar.lz nixfiles-b843fd83a9cecd9a12647056d48bc5291e965be8.tar.zst nixfiles-b843fd83a9cecd9a12647056d48bc5291e965be8.zip | |
nanopi: remove obsolete firewall rules
| -rwxr-xr-x | system/nanopi.nix | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/system/nanopi.nix b/system/nanopi.nix index 1759cf4c..3a95ebfc 100755 --- a/system/nanopi.nix +++ b/system/nanopi.nix @@ -146,29 +146,12 @@ in ]; }; extraForwardRules = '' - iifname { "wlan0", "lte0" } oifname { "lan1", "lan2", "bridge0" } icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept - iifname { "lan1", "lan2", "bridge0" } oifname { "wlan0", "lte0" } accept iifname "tailscale0" oifname "bridge0" accept iifname "bridge0" oifname "tailscale0" accept ''; }; nftables = { enable = true; - tables = { - firewall = { - family = "inet"; - content = '' - chain postrouting { - type nat hook postrouting priority srcnat; policy accept; - oifname { "wlan0", "lte0" } masquerade - } - chain prerouting { - type nat hook prerouting priority dstnat; - iifname "wan0" tcp dport { 6922, 51413 } dnat ip to 10.0.0.42 - } - ''; - }; - }; }; wireless = { enable = true; |