l wiregrill: allow retiolum <-> wiregrill

This commit is contained in:
lassulus 2022-05-29 20:13:53 +02:00
parent 1bf8ca7240
commit 85db885279

View File

@ -18,6 +18,10 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
]; ];
krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [ krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
{ precedence = 1000; predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; } { precedence = 1000; predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; }
{ precedence = 1000; predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
{ precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
{ precedence = 1000; predicate = "-i wiregrill -o eth0"; target = "ACCEPT"; }
{ precedence = 1000; predicate = "-o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
]; ];
networking.wireguard.interfaces.wiregrill = { networking.wireguard.interfaces.wiregrill = {