vpn: allow traffic outside vpn
parent
b085e22f80
commit
364980bf63
|
@ -5,24 +5,17 @@
|
|||
|
||||
networking.nftables = {
|
||||
enable = true;
|
||||
ruleset =
|
||||
let
|
||||
allowIncomming = port: ''
|
||||
table inet allow${toString port} {
|
||||
ruleset = ''
|
||||
table inet allowAll {
|
||||
chain allowIncoming {
|
||||
type filter hook input priority -100; policy accept;
|
||||
tcp dport ${toString port} ct mark set 0x00000f41 meta mark set 0x6d6f6c65
|
||||
tcp dport 0-10999 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
|
||||
}
|
||||
chain allowOutgoing {
|
||||
type route hook output priority -100; policy accept;
|
||||
tcp sport ${toString port} ct mark set 0x00000f41 meta mark set 0x6d6f6c65
|
||||
tcp sport 0-10999 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
|
||||
}
|
||||
}
|
||||
'';
|
||||
in
|
||||
''
|
||||
${allowIncomming 9022}
|
||||
${allowIncomming 5000}
|
||||
|
||||
######################################
|
||||
# _ _ #
|
||||
|
|
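Review bot: The new rules `tcp dport 0-10999` (input chain) and `tcp sport 0-10999` (output chain) apply the ct/meta marks to every TCP flow on a local port below 11000, where the removed per-port helper applied them only to 9022 and 5000. Assuming these marks are what exempts traffic from the tunnel, every service listening in that range now answers outside the VPN and reveals the host's real address. If only a few services need the bypass, an explicit set keeps the exposure reviewable: `tcp dport { 5000, 9022 } ct mark set 0x00000f41 meta mark set 0x6d6f6c65`, with the matching `tcp sport { 5000, 9022 } …` line in the output chain. If the wide range is intended, a comment above the table such as `# exempts TCP ports 0-10999 from the VPN; the host firewall must restrict which of them are reachable` would record that, and the name `allowAll` overstates the match (TCP only, ports up to 10999). Both chains use `policy accept` and only set marks, so any filtering has to happen in rules not visible in this hunk.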