aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMark Nipper <nipsy@bitgnome.net>2025-09-22 18:54:51 -0700
committerMark Nipper <nipsy@bitgnome.net>2025-09-22 18:54:51 -0700
commit02952de4eec3b65d2612925e1ce168ed2dc5db45 (patch)
treefa3292084dd6d1959bf13fbdf2a51320debb34e6
parentd6e0783dd3c72dc05f18bb72b5054fc68356f916 (diff)
downloadnix-02952de4eec3b65d2612925e1ce168ed2dc5db45.tar
nix-02952de4eec3b65d2612925e1ce168ed2dc5db45.tar.gz
nix-02952de4eec3b65d2612925e1ce168ed2dc5db45.tar.bz2
nix-02952de4eec3b65d2612925e1ce168ed2dc5db45.tar.lz
nix-02952de4eec3b65d2612925e1ce168ed2dc5db45.tar.xz
nix-02952de4eec3b65d2612925e1ce168ed2dc5db45.tar.zst
nix-02952de4eec3b65d2612925e1ce168ed2dc5db45.zip
Add VPN firewall rule and enable all namespace firewall logging @arrakis
Diffstat
-rw-r--r--hosts/arrakis/default.nix3
1 files changed, 2 insertions, 1 deletions
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index 392468c..c5b1f89 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -4,6 +4,7 @@
kernel.sysctl = {
"kernel.hostname" = "arrakis.bitgnome.net";
"net.ipv4.ip_forward" = 1;
+ "net.netfilter.nf_log_all_netns" = 1;
#"net.ipv4.conf.all.proxy_arp" = 1;
};
kernelPackages = pkgs.linuxPackages_6_16;
@@ -63,7 +64,7 @@
oifname veth.vpn skuid nipsy tcp sport 8080 accept # qBittorrent
oifname veth.vpn skuid nipsy tcp sport 9696 accept # Prowlarr
oifname veth.vpn skuid nipsy ip daddr 192.168.1.2 tcp dport { 7878, 8686, 8787, 8989 } accept # Prowlarr to { Radarr, Lidarr, Readarr, Sonarr }
- oifname veth.vpn skuid nipsy ip daddr 192.168.1.3 tcp dport 8080 accept # Prowlarr to qBittorrent
+ oif lo skuid nipsy ip daddr 192.168.1.3 tcp dport 8080 accept # Prowlarr to qBittorrent
# allow any traffic out through VPN
oifname wg1 accept
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-13 23:10:41 +0000