xun/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix firewall rules

Browse source
This commit is contained in:
xunuwu 2025-06-02 06:06:37 +02:00
parent df30989636
commit 3b826785e0
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
sys/machines/rackserv/wireguard-server.nix
View file

@ -25,7 +25,7 @@
} }
]; ];
}; };
externalIp = "172.245.52.19";
b = builtins; b = builtins;
portsList = b.attrValues forwardPorts |> b.concatLists; portsList = b.attrValues forwardPorts |> b.concatLists;
portsAndIpsList = lib.mapAttrsToList (n: v: map (x: x // {destinationIp = n;}) v) forwardPorts |> b.concatLists; portsAndIpsList = lib.mapAttrsToList (n: v: map (x: x // {destinationIp = n;}) v) forwardPorts |> b.concatLists;
@ -37,7 +37,7 @@
|> map (x: |> map (x:
x.protocols x.protocols
|> map (protocol: '' |> map (protocol: ''
iptables -t nat -A PREROUTING -p ${protocol} --dport ${toString x.port} -j DNAT --to-destination ${x.destinationIp} iptables -t nat -A PREROUTING -p ${protocol} -d ${externalIp} --dport ${toString x.port} -j DNAT --to-destination ${x.destinationIp}
iptables -t nat -A POSTROUTING -p ${protocol} -d ${x.destinationIp} --dport ${toString x.port} -j SNAT --to-source 172.245.52.19 iptables -t nat -A POSTROUTING -p ${protocol} -d ${x.destinationIp} --dport ${toString x.port} -j SNAT --to-source 172.245.52.19
'')) ''))
|> b.concatLists |> b.concatLists
@ -48,7 +48,7 @@
|> map (x: |> map (x:
x.protocols x.protocols
|> map (protocol: '' |> map (protocol: ''
iptables -t nat -D PREROUTING -p ${protocol} --dport ${toString x.port} -j DNAT --to-destination ${x.destinationIp} || true iptables -t nat -D PREROUTING -p ${protocol} -d ${externalIp} --dport ${toString x.port} -j DNAT --to-destination ${x.destinationIp} || true
iptables -t nat -D POSTROUTING -p ${protocol} -d ${x.destinationIp} --dport ${toString x.port} -j SNAT --to-source 172.245.52.19 || true iptables -t nat -D POSTROUTING -p ${protocol} -d ${x.destinationIp} --dport ${toString x.port} -j SNAT --to-source 172.245.52.19 || true
'')) ''))
|> b.concatLists |> b.concatLists
@ -65,7 +65,7 @@
netdevConfig = { netdevConfig = {
Kind = "wireguard"; Kind = "wireguard";
Name = "wg0"; Name = "wg0";
MTUBytes = "1300"; MTUBytes = "1420";
}; };
wireguardConfig = { wireguardConfig = {
ListenPort = 51820; ListenPort = 51820;