dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions 1

tunnel munin node traffic on lan through wireguard

Browse source
This commit is contained in:
Tim Schubert 2024-03-23 18:37:56 +01:00
parent 017725d2cf
commit 7d1047e5fe
Signed by: dadada
SSH key fingerprint: SHA256:bFAjFH3hR8zRBaJjzQDjc3o4jqoq5EZ87l+KXEjxIz0
7 changed files with 87 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

6
nixos/agares/rules.nft
View file

@ -64,13 +64,17 @@ table inet filter {
udp dport { 53, 67 } accept comment "Allow DNS and DHCP from Freifunk"
}
chain input_wg0 {
tcp dport 4949 accept comment "Munin node"
}
chain input {
type filter hook input priority filter; policy drop;
ct state {established, related} counter accept comment "Accept packets from established and related connections"
ct state invalid counter drop comment "Early drop of invalid packets"
iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt }
iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt, wg0 : jump input_wg0 }
}
# Only works if hardware flow offloading is available