materus
/
nixos-config
mirror of https://github.com/materusPL/nixos-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

materusPC: change rpfilter for wireguard

This commit is contained in:
Mateusz Słodkowicz 2024-09-15 21:41:55 +02:00
parent 879c876721
commit 7135b53f7d
Signed by: materus
GPG Key ID: 28D140BCA60B4FD1
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
configurations/host/materusPC/network.nix
View File

@ -4,6 +4,19 @@
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}" WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
''; '';
networking.firewall = {
logReversePathDrops = false;
# wireguard trips rpfilter up
extraCommands = ''
ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${materusArg.wireguard.port} -j RETURN
ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${materusArg.wireguard.port} -j RETURN
'';
extraStopCommands = ''
ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${materusArg.wireguard.port} -j RETURN || true
ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${materusArg.wireguard.port} -j RETURN || true
'';
};
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
networking.hostName = "materusPC"; networking.hostName = "materusPC";
networking.wireless.iwd.enable = true; networking.wireless.iwd.enable = true;
@ -24,6 +37,7 @@
}; };
}; };
networking.networkmanager.ensureProfiles.environmentFiles = [ networking.networkmanager.ensureProfiles.environmentFiles = [
config.sops.templates."networkmanager.env".path config.sops.templates."networkmanager.env".path
]; ];