nixos-module/firewall: allow ospf on routers

2024-02-05 03:45:05 +01:00 · 2024-02-05 03:45:05 +01:00 · 19527e47fd
parent cf1a645d54
commit 19527e47fd
1 changed files with 9 additions and 1 deletions
--- a/nix/nixos-module/firewall.nix
+++ b/nix/nixos-module/firewall.nix
@ -1,9 +1,17 @@
 { hostName, config, lib, ... }:

-lib.mkIf config.site.hosts.${hostName}.firewall.enable {
+let
+  hostConfig = config.site.hosts.${hostName};
+
+in
+lib.mkIf hostConfig.firewall.enable {
  networking.firewall = {
    enable = true;
    extraCommands = ''
+      ${lib.optional hostConfig.isRouter ''
+        ip46tables -I nixos-fw -p ospfigp -j ACCEPT
+      ''}
+
      ip46tables -A FORWARD -i core -m state --state ESTABLISHED,RELATED -j ACCEPT
      ip46tables -A FORWARD -i core -j REJECT
    '';