From c7b7efb30112ce492569f8ddea591f14a5040f57 Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr"
Date: Mon, 26 Jun 2023 22:01:08 +0200
Subject: networking: detach enp3s0 from wan
---
 config/networking/services/firewall/ruleset.nix | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'config/networking/services/firewall/ruleset.nix')
diff --git a/config/networking/services/firewall/ruleset.nix b/config/networking/services/firewall/ruleset.nix
index 7184de7..5871385 100644
--- a/config/networking/services/firewall/ruleset.nix
+++ b/config/networking/services/firewall/ruleset.nix
@@ -101,12 +101,14 @@ in {
 chains = {
 wan_in.rules = with rulesCommon; dns + dhcp + ssh + ssdp;
 iot_in.rules = with rulesCommon; dns + dhcp + igmp;
+ eth0_in.rules = with rulesCommon; dns + dhcp;
 input = makeBaseChain "filter" "input" {
 rules = with rulesCommon;
 conntrack + ping + ''
- meta iifname vmap { lo : accept \
- , ${nets.wan.interface} : goto wan_in \
- , ${nets.iot.interface} : goto iot_in }
+ meta iifname vmap { lo : accept \
+ , ${nets.wan.interface} : goto wan_in \
+ , ${nets.iot.interface} : goto iot_in \
+ , ${nets.eth0.interface} : goto eth0_in }
 '';
 };
 iot_wan.rules = rulesCommon.sonos.player-controller;
@@ -118,8 +120,10 @@ in {
 '' + conntrack + ''
 meta oifname ${nets.lan.interface} accept
 meta iifname . meta oifname vmap \
- { ${nets.wan.interface} . ${nets.iot.interface} : goto wan_iot \
- , ${nets.iot.interface} . ${nets.wan.interface} : goto iot_wan }
+ { ${nets.wan.interface} . ${nets.iot.interface} \
+ : goto wan_iot \
+ , ${nets.iot.interface} . ${nets.wan.interface} \
+ : goto iot_wan }
 '';
 };
 };
--
cgit v1.2.3
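Review bot: The new `eth0_in` chain only governs traffic addressed to the router itself; the interface-pair map in the second hunk still lists just the wan/iot pairs, so packets forwarded from `${nets.eth0.interface}` are decided by the `meta oifname ${nets.lan.interface} accept` rule that precedes the map and otherwise by that chain's default policy, neither of which this commit changes. The chain header and its policy lie outside both hunks, so whether the detached port is actually isolated or can still reach lan hosts cannot be confirmed from the visible lines. If isolation is the intent, record it next to the new chain, e.g. `# eth0: router-local dns + dhcp only; forwarding is left to the base chain policy`, and consider restricting the unconditional lan accept to the input interfaces that are meant to reach it. `eth0_in` also omits `ssh`, which `wan_in` allows, so hosts on enp3s0 lose that path to the router; presumably deliberate, but worth stating in the commit message.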