maralorn/nixos-config
1
0
Fork 0
Code Wiki Activity

Improve v6 forwarding on hera

Browse source
This commit is contained in:
Malte Brandy 2021-12-17 02:21:23 +01:00
parent 89fa161ee9
commit f1bb589808
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
nixos/machines/hera/network.nix
View file

@ -4,6 +4,7 @@ let
inherit (config.m-0) hosts;
in
{
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking = {
hostName = "hera";
domain = "m-0.eu";
@ -32,10 +33,10 @@ in
firewall = {
extraCommands = ''
ip6tables -A INPUT -s ${config.m-0.prefix}::/64 -j ACCEPT
ip6tables -A INPUT -i m0wire -j ACCEPT
ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD ! -s ${config.m-0.prefix}::/64 -j DROP
ip6tables -A FORWARD ! -i m0wire -j nixos-fw-log-refuse
'';
};