l wiregrill: allow retiolum <-> wiregrill

2022-05-29 20:13:53 +02:00 · 2022-05-29 20:13:53 +02:00 · 85db885279
commit 85db885279
parent 1bf8ca7240
1 changed files with 4 additions and 0 deletions
--- a/lass/2configs/wiregrill.nix
+++ b/lass/2configs/wiregrill.nix
@ -18,6 +18,10 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
  ];
  krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
    { precedence = 1000; predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; }
+    { precedence = 1000; predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
+    { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
+    { precedence = 1000; predicate = "-i wiregrill -o eth0"; target = "ACCEPT"; }
+    { precedence = 1000; predicate = "-o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
  ];

  networking.wireguard.interfaces.wiregrill = {