all repos — nixfiles @ b843fd83a9cecd9a12647056d48bc5291e965be8

System and user configuration, managed by nix and home-manager

nanopi: remove obsolete firewall rules
Alan Pearce alan@alanpearce.eu
Sat, 31 Aug 2024 15:24:51 +0200
commit

b843fd83a9cecd9a12647056d48bc5291e965be8

parent

363ebe26af3d0ee62dc6b1334b453d74d71aa221

1 files changed, 0 insertions(+), 17 deletions(-)

M system/nanopi.nixsystem/nanopi.nix
@@ -146,29 +146,12 @@ 41641         ];
       };
       extraForwardRules = ''
-        iifname { "wlan0", "lte0" } oifname { "lan1", "lan2", "bridge0" } icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
-        iifname { "lan1", "lan2", "bridge0" } oifname { "wlan0", "lte0" } accept
         iifname "tailscale0" oifname "bridge0" accept
         iifname "bridge0" oifname "tailscale0" accept
       '';
     };
     nftables = {
       enable = true;
-      tables = {
-        firewall = {
-          family = "inet";
-          content = ''
-            chain postrouting {
-              type nat hook postrouting priority srcnat; policy accept;
-              oifname { "wlan0", "lte0" } masquerade
-            }
-            chain prerouting {
-              type nat hook prerouting priority dstnat;
-              iifname "wan0" tcp dport { 6922, 51413 } dnat ip to 10.0.0.42
-            }
-          '';
-        };
-      };
     };
     wireless = {
       enable = true;