authorKjetil Orbekk <kj@orbekk.com>2023-12-26 18:53:49 -0500
committerKjetil Orbekk <kj@orbekk.com>2023-12-26 18:53:49 -0500
commite4e3ad196af66d5adc2d1a99e06a871804b43f09 (patch)
treee59034f1b326e3c27355150c09fccfd57c5e69e9
parent747ba4653e24ad5c33a114b412871c86db9dd693 (diff)
avahi
-rw-r--r--machines/dragon.nix4
-rw-r--r--modules/router.nix10
2 files changed, 12 insertions, 2 deletions
diff --git a/machines/dragon.nix b/machines/dragon.nix
index 60c1f8b..4dee80a 100644
--- a/machines/dragon.nix
+++ b/machines/dragon.nix
@@ -20,6 +20,10 @@ in {
services.avahi.enable = true;
services.avahi.nssmdns = true;
+ services.avahi.openFirewall = true;
+ services.avahi.publish.enable = true;
+ services.avahi.publish.hinfo = true;
+ services.avahi.publish.userServices = true;
services.tlp.enable = true;
services.tlp.settings = {
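Review bot: `services.avahi.publish.hinfo = true` makes this host announce an HINFO record describing its operating system and CPU on every link where Avahi runs, and nothing in the added lines limits which links those are. The neighbouring `services.tlp` settings suggest dragon is a laptop (inferred, not shown in this hunk), so those announcements and the port opened by `openFirewall` would follow it onto untrusted networks. I would drop the hinfo line unless something consumes it, and pin Avahi to the trusted links with `services.avahi.allowInterfaces = [ "<lan-interface>" ];` (placeholder name). `publish.userServices = true` additionally lets local users advertise services, which deserves a short comment saying why it is wanted.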
diff --git a/modules/router.nix b/modules/router.nix
index ace0b57..bc4a83f 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -196,6 +196,13 @@ let
let
ports-to-csv = ports: concatStringsSep "," (map toString ports);
in ''
+ define LAN_INTERFACES = {
+ "vpnlan-vport",
+ "lan-vport",
+ "servers-vport",
+ "dragon-vport",
+ "dragonvpn-vport",
+ };
define SERVER_WAN_PORTS = {
ssh, domain, http, https,
${toString mullvadPort}
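Review bot: `LAN_INTERFACES` includes `servers-vport`, `dragon-vport` and `dragonvpn-vport`, so the avahi/mdns accept rule in the next hunk, which previously matched only `vpnlan-vport` and `lan-vport`, now admits three more segments; if the servers segment is meant to be less trusted than the LAN (not visible here), it should stay out of this set or get its own define. That rule also accepts TCP although mDNS runs over UDP port 5353, so it can be narrowed to `iifname $LAN_INTERFACES udp dport mdns counter accept comment "avahi/mdns"`. A comment above the define such as `# interfaces allowed to send mDNS to this host` would keep later additions to the set deliberate. The enclosing let-expression and ruleset string start and end outside this hunk.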
@@ -212,8 +219,7 @@ let
ct state {established, related} counter accept
meta l4proto {tcp, udp} th dport {bootps, bootpc, domain, dhcpv6-client, dhcpv6-server, ${toString vpnPort}} counter accept
- iifname vpnlan-vport meta l4proto {tcp, udp} th dport mdns counter accept comment "avahi/mdns"
- iifname lan-vport meta l4proto {tcp, udp} th dport mdns counter accept comment "avahi/mdns"
+ iifname $LAN_INTERFACES meta l4proto {tcp, udp} th dport mdns counter accept comment "avahi/mdns"
ip protocol ipv6 counter accept comment "sit tunnel"
ip protocol icmp limit rate 4/second counter accept comment "icmp v4"