Diffstat (limited to 'config/networking/services')
-rw-r--r--config/networking/services/firewall/ruleset.nix6
1 files changed, 5 insertions, 1 deletions
diff --git a/config/networking/services/firewall/ruleset.nix b/config/networking/services/firewall/ruleset.nix
index e3427e4..3418ef8 100644
--- a/config/networking/services/firewall/ruleset.nix
+++ b/config/networking/services/firewall/ruleset.nix
@@ -137,6 +137,10 @@ in {
wan_iot.rules = with rulesCommon; sonos.controller-player + ssdp;
wan_enp3s0.rules = rulesCommon.kdeconnect;
enp3s0_wan.rules = rulesCommon.kdeconnect;
+ extranet.rules = ''
+ meta iifname wan accept
+ ip daddr != { 192.168.0.0-192.168.255.255, 172.16.0.0-172.31.255.255 } accept
+ '';
forward = makeBaseChain "filter" "forward" {
rules = with rulesCommon;
''
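Review bot: The address set in `extranet.rules` covers 192.168.0.0/16 and 172.16.0.0/12 but leaves out 10.0.0.0/8, so forwarded packets addressed to 10.x are still accepted out of enp4s0. If that gap is not a deliberate exception for the upstream network, the rule could read `ip daddr != { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } accept`; 169.254.0.0/16 and 100.64.0.0/10 are worth considering as well. The chain also ends without a verdict, so what happens to a private-destination packet depends on a policy defined elsewhere. A closing `counter drop` would make the intent explicit and give a counter to watch for internal hosts leaking private-range traffic. A one-line comment above the chain, such as `# extranet: only the wan zone may reach private ranges behind the uplink`, would document why the first rule exempts `wan`.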
@@ -144,7 +148,7 @@ in {
''
+ conntrack
+ ''
- meta oifname enp4s0 accept
+ meta oifname enp4s0 goto extranet
meta iifname . meta oifname vmap \
{ wan . iot : goto wan_iot \
, iot . wan : goto iot_wan \
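Review bot: Replacing `accept` with `goto extranet` changes more than the private-range case. `goto` never returns to `forward`, so a packet leaving via enp4s0 that matches neither `extranet` rule skips the vmap below and ends at the base chain's policy, which `makeBaseChain` sets outside this hunk. `ip daddr` matches only IPv4, so if this is an `inet` table, IPv6 traffic to enp4s0 that was previously accepted now also falls through to that policy. If IPv6 forwarding to the uplink is intended, add `meta nfproto ipv6 accept` to `extranet`, or an explicit IPv6 rule set there, and confirm that the forward policy is drop. The `forward` rules string continues past the end of this hunk.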