lelgenio/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

vpn: allow traffic outside vpn

Browse source
This commit is contained in:
Leonardo Eugênio 2023-03-30 13:28:05 -03:00
parent b085e22f80
commit 364980bf63
1 changed files with 61 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
system/vpn.nix
View file

@ -5,24 +5,17 @@
networking.nftables = { networking.nftables = {
enable = true; enable = true;
ruleset = ruleset = ''
let table inet allowAll {
allowIncomming = port: ''
table inet allow${toString port} {
chain allowIncoming { chain allowIncoming {
type filter hook input priority -100; policy accept; type filter hook input priority -100; policy accept;
tcp dport ${toString port} ct mark set 0x00000f41 meta mark set 0x6d6f6c65 tcp dport 0-10999 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
} }
chain allowOutgoing { chain allowOutgoing {
type route hook output priority -100; policy accept; type route hook output priority -100; policy accept;
tcp sport ${toString port} ct mark set 0x00000f41 meta mark set 0x6d6f6c65 tcp sport 0-10999 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
} }
} }
'';
in
''
${allowIncomming 9022}
${allowIncomming 5000}
###################################### ######################################
# _ _ # # _ _ #