crony/nix-conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow wireguard traffic.

Browse Source
This commit is contained in:
CronyAkatsuki 2025-01-29 22:32:03 +01:00
parent 06f320d34f
commit 9572063e04
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
hosts/nixos/configuration.nix
View File

@ -94,6 +94,21 @@
fsType = "nfs"; fsType = "nfs";
}; };
# Allow for wireguard traffic
networking.firewall = {
# if packets are still dropped, they will show up in dmesg
logReversePathDrops = true;
# wireguard trips rpfilter up
extraCommands = ''
ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
'';
extraStopCommands = ''
ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
'';
};
# DO NOT CHANGE # DO NOT CHANGE
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }