Add VPN firewall rule @arrakis

author: Mark Nipper <nipsy@bitgnome.net> 2025-09-22 18:25:59 -0700
committer: Mark Nipper <nipsy@bitgnome.net> 2025-09-22 18:25:59 -0700
commit: d6e0783dd3c72dc05f18bb72b5054fc68356f916 (patch)
tree: 266248a7de7826b4aadb856ebdd6ee6078aa7747 /hosts
parent: a001a9eec4f8cab64cea4c1189103e659ccee76a (diff)
download: nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.tar
nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.tar.gz
nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.tar.bz2
nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.tar.lz
nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.tar.xz
nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.tar.zst
nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index 6ca2eff..392468c 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -68,7 +68,8 @@
     		# allow any traffic out through VPN
     		oifname wg1 accept
     
-    		# drop everything else
+                # drop everything else
+                tcp flags & (fin | syn | rst | ack) == syn log prefix "refused connection: " level info
     		counter drop
     	}
author	Mark Nipper <nipsy@bitgnome.net>	2025-09-22 18:25:59 -0700
committer	Mark Nipper <nipsy@bitgnome.net>	2025-09-22 18:25:59 -0700
commit	d6e0783dd3c72dc05f18bb72b5054fc68356f916 (patch)
tree	266248a7de7826b4aadb856ebdd6ee6078aa7747 /hosts
parent	a001a9eec4f8cab64cea4c1189103e659ccee76a (diff)
download	nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.tar nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.tar.gz nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.tar.bz2 nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.tar.lz nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.tar.xz nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.tar.zst nix-d6e0783dd3c72dc05f18bb72b5054fc68356f916.zip