mullvad setup

author: Kjetil Orbekk <kj@orbekk.com> 2021-03-08 19:57:51 -0500
committer: Kjetil Orbekk <kj@orbekk.com> 2021-03-08 19:57:51 -0500
commit: ff7006318cd00a9b059927edd10e772c7e854dd2 (patch)
tree: 5da14b2082ed6138beeffef935fe0e00d0c0cd85 /config
parent: 70b4fd29a6ea366bcdc70b40dd1dfd7f8501b48f (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/config/router.nix b/config/router.nix
index 3003c0e..83a2d64 100644
--- a/config/router.nix
+++ b/config/router.nix
@@ -2,8 +2,11 @@
 let
   wan-dev = "eno1";
   lan-dev = "eno2";
+  mullvadPort = config.orbekk.mullvad.listenPort;
 in
 {
+  orbekk.mullvad.enable = true;
+
   networking.networkmanager.enable = lib.mkForce false;
 
   networking.nameservers = [ "8.8.8.8" ];
@@ -61,6 +64,7 @@ in
             proto tcp dport ssh ACCEPT;
             proto (tcp udp) dport domain ACCEPT;
             proto tcp dport (http https) ACCEPT;
+            proto udp dport ${mullvadPort} ACCEPT;
           }
 
           interface $DEV_LAN @subchain "lan_services" {
author	Kjetil Orbekk <kj@orbekk.com>	2021-03-08 19:57:51 -0500
committer	Kjetil Orbekk <kj@orbekk.com>	2021-03-08 19:57:51 -0500
commit	ff7006318cd00a9b059927edd10e772c7e854dd2 (patch)
tree	5da14b2082ed6138beeffef935fe0e00d0c0cd85 /config
parent	70b4fd29a6ea366bcdc70b40dd1dfd7f8501b48f (diff)