vpn: allow traffic outside vpn

2023-03-30 13:28:05 -03:00 · 2023-03-30 13:28:05 -03:00 · 364980bf63
parent b085e22f80
commit 364980bf63
1 changed files with 61 additions and 68 deletions
--- a/system/vpn.nix
+++ b/system/vpn.nix
@ -5,24 +5,17 @@

  networking.nftables = {
    enable = true;
-    ruleset =
-      let
-        allowIncomming = port: ''
-          table inet allow${toString port} {
+    ruleset = ''
+      table inet allowAll {
          chain allowIncoming {
              type filter hook input priority -100; policy accept;
-                  tcp dport ${toString port} ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+              tcp dport 0-10999 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
          }
          chain allowOutgoing {
              type route hook output priority -100; policy accept;
-                  tcp sport ${toString port} ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+              tcp sport 0-10999 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
          }
      }
-        '';
-      in
-      ''
-        ${allowIncomming 9022}
-        ${allowIncomming 5000}

      ######################################
      #       _            _               #