summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism/config.nix
diff options
context:
space:
mode:
Diffstat (limited to 'lass/1systems/prism/config.nix')
-rw-r--r--lass/1systems/prism/config.nix16
1 files changed, 9 insertions, 7 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index ec3976519..6c454b4ac 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -298,16 +298,18 @@ with import <stockholm/lib>;
}
{
imports = [
- <stockholm/lass/2configs/wirelum.nix>
+ <stockholm/lass/2configs/wiregrill.nix>
+ ];
+ krebs.iptables.tables.nat.PREROUTING.rules = [
+ { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+ { v4 = false; precedence = 1000; predicate = "-s 42:1::/32"; target = "ACCEPT"; }
];
- #krebs.iptables.tables.nat.PREROUTING.rules = [
- # { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
- #];
krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; }
- { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
+ { precedence = 1000; predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
+ { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
+ { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; }
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
];
services.dnsmasq = {
@@ -315,7 +317,7 @@ with import <stockholm/lib>;
resolveLocalQueries = false;
extraConfig= ''
- listen-address=10.244.1.1
+ listen-address=42:1:ce16::1
except-interface=lo
interface=wg0
'';