diff options
| author | Kjetil Orbekk <kj@orbekk.com> | 2022-10-05 20:04:41 -0400 |
|---|---|---|
| committer | Kjetil Orbekk <kj@orbekk.com> | 2022-10-05 20:04:41 -0400 |
| commit | 6d19f59b085d162d25c027d3d7014aefd95020ee (patch) | |
| tree | ac800c7e2d2736d1c253281e20121b3f7b8c3214 | |
| parent | afbcb7b0ad2122aa30d858d89546cfe4c7cc73dd (diff) | |
Trust vpn traffic
| -rw-r--r-- | data/aliases.nix | 2 | ||||
| -rw-r--r-- | modules/simple-firewall.nix | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/data/aliases.nix b/data/aliases.nix index 6f8d5f4..95d8ebe 100644 --- a/data/aliases.nix +++ b/data/aliases.nix @@ -55,6 +55,6 @@ rec { hledger-web = { port = 11116; }; prometheus-pms7003-exporter = { host = "172.20.100.10"; port = 11117; }; keycloak = { http-port = 11118; https-port = 11119; }; - bridge = { host = "pincer"; port = 11120; }; + bridge = { host = "pincer.nyc.orbekk.com"; port = 11120; }; }; } diff --git a/modules/simple-firewall.nix b/modules/simple-firewall.nix index c2ed26b..3c69d5d 100644 --- a/modules/simple-firewall.nix +++ b/modules/simple-firewall.nix @@ -55,6 +55,8 @@ in ip protocol icmp limit rate 4/second counter accept ip6 nexthdr ipv6-icmp limit rate 4/second counter accept + ip6 saddr 2001:470:8e2e:1000::/64 counter accept + tcp dport @allowed_tcp_ports counter accept udp dport @allowed_udp_ports counter accept |