nixos-module/firewall: allow ospf on routers
parent
cf1a645d54
commit
19527e47fd
|
@ -1,9 +1,17 @@
|
||||||
{ hostName, config, lib, ... }:
|
{ hostName, config, lib, ... }:
|
||||||
|
|
||||||
lib.mkIf config.site.hosts.${hostName}.firewall.enable {
|
let
|
||||||
|
hostConfig = config.site.hosts.${hostName};
|
||||||
|
|
||||||
|
in
|
||||||
|
lib.mkIf hostConfig.firewall.enable {
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
|
${lib.optional hostConfig.isRouter ''
|
||||||
|
ip46tables -I nixos-fw -p ospfigp -j ACCEPT
|
||||||
|
''}
|
||||||
|
|
||||||
ip46tables -A FORWARD -i core -m state --state ESTABLISHED,RELATED -j ACCEPT
|
ip46tables -A FORWARD -i core -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
ip46tables -A FORWARD -i core -j REJECT
|
ip46tables -A FORWARD -i core -j REJECT
|
||||||
'';
|
'';
|
||||||
|
|
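Review bot: `${lib.optional hostConfig.isRouter ''…''}` interpolates a list into `extraCommands`, and Nix does not coerce a list inside `${…}`, so evaluation should fail with a coercion error for any host that has the firewall enabled; `lib.optionalString hostConfig.isRouter ''…''` returns the string this needs. Separately, the new ACCEPT is inserted at the top of `nixos-fw` with no `-i` match, so a router accepts OSPF packets from every attached segment, including ones where no adjacency is expected. If OSPF only runs on specific links (the FORWARD rules below already name `core`), scoping the rule as `ip46tables -I nixos-fw -i <ospf-iface> -p ospfigp -j ACCEPT` keeps hosts on other networks from reaching the routing daemon. The `networking.firewall` attribute set and the enclosing `lib.mkIf` block continue past the end of the visible hunk.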