firewall: make ipv4 work

Daniel Barlow 2024-02-08 22:59:47 +00:00
parent 273c66b2d3
commit aca3e11631


@ -184,8 +184,9 @@ in {
family = "ip";
rules = [
(accept "udp dport 547")
(accept "tcp dport 22")
(accept "udp dport 67") # dhcp
(accept "udp dport 53") # dns
(accept "tcp dport 22") # ssh
];
};
@ -194,6 +195,7 @@ in {
family = "ip";
rules = [
(accept "udp sport 53")
];
};
@ -204,10 +206,11 @@ in {
hook = "input";
rules = [
"iifname lo accept"
"icmp type { echo-request, echo-reply } accept"
"iifname int jump input-ip4-lan"
"iifname ppp0 jump input-ip4-wan"
"oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip4"
"ct state vmap established,related accept"
"ct state established,related accept"
"log prefix \"DENIED CHAIN=input-ip4 \""
];
};
@ -219,7 +222,7 @@ in {
hook = "forward";
rules = [
"iifname \"int\" accept"
"ct state vmap { established : accept, related : accept, invalid : drop }"
"ct state established,related accept"
"oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip4"
"log prefix \"DENIED CHAIN=forward-ip4 \""
];
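Review bot: The forward-ip4 rules no longer drop conntrack-invalid packets: the vmap form listed `invalid : drop`, while `ct state established,related accept` only accepts, so an invalid packet arriving on ppp0 now continues to the `incoming-allowed-ip4` jump. Assuming the plain form is the new side (the page has lost its +/- markers), I would add `"ct state invalid drop"` directly after the established,related rule. Whether traffic that falls past the final `log prefix` rule is dropped depends on the chain policy, which is outside this hunk; a short comment next to the log rule stating that policy would make the intent clear to the next reader.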