sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

nft

Browse Source
This commit is contained in:
soraefir
2026-05-08 02:17:10 +02:00
parent 1a8eb085df
commit 4c1f9f0e78
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
modules/server/nftables/default.nix
View File

@@ -27,8 +27,12 @@ in{
${if cfg.web then ''udp dport {80, 443} accept'' else ""} ${if cfg.web then ''udp dport {80, 443} accept'' else ""}
${if cfg.wireguard then ''tcp dport {1515} accept'' else ""} ${if cfg.wireguard then ''tcp dport {1515} accept'' else ""}
${if cfg.wireguard then ''udp dport {1515} accept'' else ""} ${if cfg.wireguard then ''udp dport {1515} accept'' else ""}
}
chain forward {
type filter hook forward priority filter; policy drop;
ct state established,related accept
iifname { "podman*", "veth*" } accept
oifname { "podman*", "veth*" } accept
} }
} }
${if cfg.nftables.enable then '' ${if cfg.nftables.enable then ''