Diffstat (limited to 'modules/router.nix')
-rw-r--r--modules/router.nix10
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/router.nix b/modules/router.nix
index ace0b57..bc4a83f 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -196,6 +196,13 @@ let
let
ports-to-csv = ports: concatStringsSep "," (map toString ports);
in ''
+ define LAN_INTERFACES = {
+ "vpnlan-vport",
+ "lan-vport",
+ "servers-vport",
+ "dragon-vport",
+ "dragonvpn-vport",
+ };
define SERVER_WAN_PORTS = {
ssh, domain, http, https,
${toString mullvadPort}
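Review bot: The new `LAN_INTERFACES` define puts `servers-vport`, `dragon-vport` and `dragonvpn-vport` in the same set as the two interfaces that previously had the mDNS accept. The rewritten rule in the next hunk therefore accepts mDNS from three additional segments, and any later rule that reuses `$LAN_INTERFACES` inherits that wider scope. If the server and VPN segments are meant to be less trusted than the LAN, a purpose-specific name plus a comment would discourage reuse for broader accepts, e.g. `# interfaces allowed to reach avahi/mdns on the router` above `define MDNS_INTERFACES = {`. The enclosing `let … in ''` string starts and ends outside this hunk, so whether other rules already restrict these interfaces cannot be seen here.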
@@ -212,8 +219,7 @@ let
ct state {established, related} counter accept
meta l4proto {tcp, udp} th dport {bootps, bootpc, domain, dhcpv6-client, dhcpv6-server, ${toString vpnPort}} counter accept
- iifname vpnlan-vport meta l4proto {tcp, udp} th dport mdns counter accept comment "avahi/mdns"
- iifname lan-vport meta l4proto {tcp, udp} th dport mdns counter accept comment "avahi/mdns"
+ iifname $LAN_INTERFACES meta l4proto {tcp, udp} th dport mdns counter accept comment "avahi/mdns"
ip protocol ipv6 counter accept comment "sit tunnel"
ip protocol icmp limit rate 4/second counter accept comment "icmp v4"