author | tv <tv@krebsco.de> | 2018-12-18 20:17:03 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2018-12-18 20:17:03 +0100 |
commit | 1fa1fa53062069de970548f88ad0211b4502f18d (patch) | |
tree | 30413fa29c1c43ff7af5ea684d92e613de4af295 /lass/1systems/prism/config.nix | |
parent | 8b4428816d1385e1dd5ec9bf0ce44ae0e284130a (diff) | |
parent | 23562e36190e07f338211541ac3d2cc77ebdbafa (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems/prism/config.nix')
-rw-r--r-- | lass/1systems/prism/config.nix | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index ec3976519..6c454b4ac 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -298,16 +298,18 @@ with import <stockholm/lib>;
  }
  {
  imports = [
- <stockholm/lass/2configs/wirelum.nix>
+ <stockholm/lass/2configs/wiregrill.nix>
+ ];
+ krebs.iptables.tables.nat.PREROUTING.rules = [
+ { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+ { v4 = false; precedence = 1000; predicate = "-s 42:1::/32"; target = "ACCEPT"; }
  ];
- #krebs.iptables.tables.nat.PREROUTING.rules = [
- # { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
- #];
  krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; }
- { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
+ { precedence = 1000; predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
+ { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
  ];
  krebs.iptables.tables.nat.POSTROUTING.rules = [
+ { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; }
  { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
  ];
  services.dnsmasq = {
@@ -315,7 +317,7 @@ with import <stockholm/lib>;
  resolveLocalQueries = false;
  extraConfig= ''
- listen-address=10.244.1.1
+ listen-address=42:1:ce16::1
  except-interface=lo
  interface=wg0
  ''; |
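Review bot: The destination in the added IPv6 MASQUERADE rule of the first hunk reads `42:1:ce16::48`, a single host address, where the IPv4 rule beside it excludes its whole source prefix (`! -d 10.244.1.0/24`). As written, traffic between hosts inside `42:1:ce16::/48` is masqueraded too and reaches its peer with the gateway's address as source; the predicate presumably should be `-s 42:1:ce16::/48 ! -d 42:1:ce16::/48`. Separately, the new nat PREROUTING ACCEPT rules match on source address alone, and the IPv6 one covers `42:1::/32`, wider than the /48 used in POSTROUTING. Since the FORWARD rules in the same hunk already switched to `-i wiregrill`, adding that interface match to the PREROUTING predicates as well would keep them from applying to packets that merely claim such a source on another interface. The enclosing attribute set starts and ends outside the hunk.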
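Review bot: In the second hunk dnsmasq now listens only on `42:1:ce16::1`, while the first hunk keeps NAT rules for `10.244.1.0/24`, so IPv4-only peers appear to lose the resolver at `10.244.1.1`; if they are still expected to use it, keep both by adding a second `listen-address=10.244.1.1` line. The unchanged `interface=wg0` line also looks stale next to the `-i wiregrill` rules added above, so it is worth confirming which interface name the tunnel actually has so that the listener stays limited to it. The `services.dnsmasq` block continues outside the hunk.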