From 6843bc8622090f6fb8407aff099030b3df76d93d Mon Sep 17 00:00:00 2001
From: iFargle
Date: Thu, 21 Dec 2023 16:01:40 +0900
Subject: [PATCH] test

---
 nixos/hosts/osaka-linode-01/firewall.nix | 37 +++++++++++++----------
 1 file changed, 20 insertions(+), 17 deletions(-)

diff --git a/nixos/hosts/osaka-linode-01/firewall.nix b/nixos/hosts/osaka-linode-01/firewall.nix
index 7593932d..9aa480a8 100644
--- a/nixos/hosts/osaka-linode-01/firewall.nix
+++ b/nixos/hosts/osaka-linode-01/firewall.nix
@@ -1,32 +1,35 @@
 { config, lib, pkgs, ... }:
 {
- networking.firewall.allowedUDPPorts = [
- 3478 # Headscale DERP UDP
- ];
- networking.firewall.allowedTCPPorts = [
- 80 # HTTP
- 443 # HTTPS
- 42420 # Vintage Story
- 25565 # Minecraft
- 1443 # Headscale DERP
- ];
- networking = {
+ firewall = {
+ allowedUDPPorts = [
+ 3478 # Headscale DERP UDP
+ ];
+ allowedTCPPorts = [
+ 80 # HTTP
+ 443 # HTTPS
+ 42420 # Vintage Story
+ 25565 # Minecraft
+ 1443 # Headscale DERP
+ ];
+ };
+ nftables = {
 enable = true;
 ruleset = ''
 table ip nat {
 chain PREROUTING {
 type nat hook prerouting priority dstnat; policy accept;
- iifname "enp0s4" tcp dport 80 dnat to 10.100.0.2:80 # HTTP
- iifname "enp0s4" tcp dport 443 dnat to 10.100.0.2:443 # HTTPS
- iifname "enp0s4" tcp dport 42420 dnat to 10.100.0.2:42420 # Vintage Story
- iifname "enp0s4" tcp dport 25565 dnat to 10.100.0.2:25565 # Minecraft
- iifname "enp0s4" tcp dport 1443 dnat to 10.100.0.2:1443 # Headscale DERP (tcp)
- iifname "enp0s4" tcp dport 3478 dnat to 10.100.0.2:3478 # Headscale DERP (udp)
+ iifname "enp0s4" tcp dport 80 dnat to 10.100.0.2:80; # HTTP
+ iifname "enp0s4" tcp dport 443 dnat to 10.100.0.2:443; # HTTPS
+ iifname "enp0s4" tcp dport 42420 dnat to 10.100.0.2:42420; # Vintage Story
+ iifname "enp0s4" tcp dport 25565 dnat to 10.100.0.2:25565; # Minecraft
+ iifname "enp0s4" tcp dport 1443 dnat to 10.100.0.2:1443; # Headscale DERP (tcp)
+ iifname "enp0s4" tcp dport 3478 dnat to 10.100.0.2:3478; # Headscale DERP (udp)
 }
 }
 '';
 };
+ nat = {
 enable = true;
 internalInterfaces = [ "wireguard0" ];