diff options
| author | quentin@aristote.fr <quentin@aristote.fr> | 2023-06-26 22:01:08 +0200 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2023-06-26 22:23:29 +0200 |
| commit | c7b7efb30112ce492569f8ddea591f14a5040f57 (patch) | |
| tree | 65032e1a3dbebc1b3b351515f419e7c7cfc27879 /config/networking/services/firewall/ruleset.nix | |
| parent | ffa8760638e20eee785f7ed4df9e2d56c18ffe53 (diff) | |
networking: detach enp3s0 from wan
Diffstat (limited to 'config/networking/services/firewall/ruleset.nix')
| -rw-r--r-- | config/networking/services/firewall/ruleset.nix | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/config/networking/services/firewall/ruleset.nix b/config/networking/services/firewall/ruleset.nix index 7184de7..5871385 100644 --- a/config/networking/services/firewall/ruleset.nix +++ b/config/networking/services/firewall/ruleset.nix @@ -101,12 +101,14 @@ in { chains = { wan_in.rules = with rulesCommon; dns + dhcp + ssh + ssdp; iot_in.rules = with rulesCommon; dns + dhcp + igmp; + eth0_in.rules = with rulesCommon; dns + dhcp; input = makeBaseChain "filter" "input" { rules = with rulesCommon; conntrack + ping + '' - meta iifname vmap { lo : accept \ - , ${nets.wan.interface} : goto wan_in \ - , ${nets.iot.interface} : goto iot_in } + meta iifname vmap { lo : accept \ + , ${nets.wan.interface} : goto wan_in \ + , ${nets.iot.interface} : goto iot_in \ + , ${nets.eth0.interface} : goto eth0_in } ''; }; iot_wan.rules = rulesCommon.sonos.player-controller; @@ -118,8 +120,10 @@ in { '' + conntrack + '' meta oifname ${nets.lan.interface} accept meta iifname . meta oifname vmap \ - { ${nets.wan.interface} . ${nets.iot.interface} : goto wan_iot \ - , ${nets.iot.interface} . ${nets.wan.interface} : goto iot_wan } + { ${nets.wan.interface} . ${nets.iot.interface} \ + : goto wan_iot \ + , ${nets.iot.interface} . ${nets.wan.interface} \ + : goto iot_wan } ''; }; }; |