nanopi: remove obsolete firewall rules
Alan Pearce alan@alanpearce.eu
Sat, 31 Aug 2024 15:24:51 +0200
1 files changed, 0 insertions(+), 17 deletions(-)
jump to
M system/nanopi.nix → system/nanopi.nix
@@ -146,29 +146,12 @@ 41641 ]; }; extraForwardRules = '' - iifname { "wlan0", "lte0" } oifname { "lan1", "lan2", "bridge0" } icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept - iifname { "lan1", "lan2", "bridge0" } oifname { "wlan0", "lte0" } accept iifname "tailscale0" oifname "bridge0" accept iifname "bridge0" oifname "tailscale0" accept ''; }; nftables = { enable = true; - tables = { - firewall = { - family = "inet"; - content = '' - chain postrouting { - type nat hook postrouting priority srcnat; policy accept; - oifname { "wlan0", "lte0" } masquerade - } - chain prerouting { - type nat hook prerouting priority dstnat; - iifname "wan0" tcp dport { 6922, 51413 } dnat ip to 10.0.0.42 - } - ''; - }; - }; }; wireless = { enable = true;