author | Kjetil Orbekk <kj@orbekk.com> | 2023-10-07 12:07:45 -0400 |
---|---|---|
committer | Kjetil Orbekk <kj@orbekk.com> | 2023-10-07 12:07:45 -0400 |
commit | e34a984b21e4daef9a8dc133e994b1bf4ad55ce6 (patch) | |
tree | 88feb37d1509e12d6e84c3841e2e9b90ea571571 /modules/router.nix | |
parent | 034e42f942bd62c61ceca02be2d876b4f482cbf5 (diff) |
fix
Diffstat (limited to 'modules/router.nix')
-rw-r--r-- | modules/router.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/modules/router.nix b/modules/router.nix
index 5864eb3..29de644 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -219,11 +219,13 @@ let
 ip6 nexthdr ipv6-icmp limit rate 4/second counter accept comment "accept all ICMP types"
 ct state vmap { established : accept, related : accept, invalid : drop }
+ # Don't allow accidental vpn forwarding to wan.
 iifname vpnlan-vport oifname wan-vport counter reject
 oifname he0 counter accept
 oifname wan-vport counter accept
 oifname mullvad counter accept
+ iifname wg-vpn oifname wg-vpn counter accept
 # Transmission
 ip daddr 172.20.20.2 th dport {9091, 56732} counter accept; |
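Review bot: The new `iifname wg-vpn oifname wg-vpn counter accept` rule lets every wg-vpn peer reach every other peer on any protocol and port, and unlike the reject rule above it has no comment saying this is intended. If peer-to-peer traffic through the router is the goal, document it with `# Allow wg-vpn peers to reach each other via the router.`; if only some peers or services need it, narrow the match with `ip saddr`/`ip daddr` or `th dport`. Separately, the added comment promises no VPN forwarding to WAN, but the reject matches only `oifname wan-vport`, so the following `oifname he0 counter accept` would still pass vpnlan-vport traffic if he0 is another upstream link (inferred from the name only). The chain header and its default policy are outside the hunk, so the effective default cannot be confirmed from here.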