update firewall rules to allow upnp requests

2024-11-14 03:49:23 +01:00 · 2024-11-14 03:49:23 +01:00 · 1d2cb130cf
commit 1d2cb130cf
parent cda6fff78b
1 changed files with 13 additions and 3 deletions
--- a/modules/services/wgautomesh.nix
+++ b/modules/services/wgautomesh.nix
@ -40,9 +40,19 @@ in {
    default = true;
  };
  config = {
-    networking.firewall.allowedUDPPorts = [
-      wireguardPort
-    ];
+    networking.firewall = {
+      allowedUDPPorts = [
+        wireguardPort
+      ];
+      extraCommands = ''
+        # Allow UDP packets comming from port 1900 from a local address,
+        # these are necessary for UPnP/IGD
+        iptables -A INPUT -s 192.168.0.0/16 -p udp --sport 1900 -j ACCEPT
+      '';
+      extraStopCommands = ''
+        iptables -D INPUT -s 192.168.0.0/16 -p udp --sport 1900 -j ACCEPT
+      '';
+    };

    networking.wireguard.interfaces.wg0 = {
      ips =