bundles/pppd: allow dynamic configuration of nftables rules
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
This commit is contained in:
parent
20bbb3eb8e
commit
2b06c77439
GPG key ID:
12E3D2136B818350
3 changed files with 11 additions and 2 deletions
|
|
@ -105,8 +105,6 @@ nodes['home.router'] = {
|
|||
'50-router': [
|
||||
# This is a router. Allow forwarding traffic for internal networks.
|
||||
'inet filter forward ct state { related, established } accept',
|
||||
'inet filter forward iif enp1s0.23 oif ppp0 accept',
|
||||
'inet filter forward iif enp1s0.42 accept',
|
||||
|
||||
# yaaaaay, IPv6! No NAT!
|
||||
'inet filter forward ip6 nexthdr ipv6-icmp accept',
|
||||
|
|
@ -148,6 +146,10 @@ nodes['home.router'] = {
|
|||
'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='),
|
||||
'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
|
||||
},
|
||||
'nftables-rules.d': {
|
||||
'inet filter forward iif enp1s0.23 oif $INTERFACE accept',
|
||||
'inet filter forward iif enp1s0.42 accept',
|
||||
},
|
||||
},
|
||||
'unbound': {
|
||||
'restrict-to': {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue