vpn: allow traffic outside vpn
parent
b085e22f80
commit
364980bf63
|
@ -5,24 +5,17 @@
|
||||||
|
|
||||||
networking.nftables = {
|
networking.nftables = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ruleset =
|
ruleset = ''
|
||||||
let
|
table inet allowAll {
|
||||||
allowIncomming = port: ''
|
|
||||||
table inet allow${toString port} {
|
|
||||||
chain allowIncoming {
|
chain allowIncoming {
|
||||||
type filter hook input priority -100; policy accept;
|
type filter hook input priority -100; policy accept;
|
||||||
tcp dport ${toString port} ct mark set 0x00000f41 meta mark set 0x6d6f6c65
|
tcp dport 0-10999 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
|
||||||
}
|
}
|
||||||
chain allowOutgoing {
|
chain allowOutgoing {
|
||||||
type route hook output priority -100; policy accept;
|
type route hook output priority -100; policy accept;
|
||||||
tcp sport ${toString port} ct mark set 0x00000f41 meta mark set 0x6d6f6c65
|
tcp sport 0-10999 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
'';
|
|
||||||
in
|
|
||||||
''
|
|
||||||
${allowIncomming 9022}
|
|
||||||
${allowIncomming 5000}
|
|
||||||
|
|
||||||
######################################
|
######################################
|
||||||
# _ _ #
|
# _ _ #
|
||||||
|
|
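Review bot: The new `tcp dport 0-10999` and `tcp sport 0-10999` matches apply the VPN-exemption marks to every TCP service below port 11000, where the removed code exempted only 9022 and 5000. Any current or future listener in that range would then be reachable outside the tunnel and would presumably reply from the host's non-VPN address. If only a few services need this, an anonymous set keeps a single table without the per-port helper: `tcp dport { 5000, 9022 } ct mark set 0x00000f41 meta mark set 0x6d6f6c65`, with the matching `tcp sport { 5000, 9022 }` line in `allowOutgoing`. The `sport` match in the output chain also relies on the local ephemeral port range starting above 10999, which is the usual Linux default but is not pinned in the visible lines; if it were lowered, ordinary outbound connections would leave outside the VPN as well. A short comment above the table saying what the two mark values mean and why the bound is 10999 would help, since the hunk gives no reason for it.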