lynatic/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix upnp firewall rules

Browse source
This commit is contained in:
Lyn 2025-01-15 14:12:48 +01:00
parent 6fd0215a19
commit 5bea98a37f
1 changed files with 20 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
modules/services/mkMesh.nix
View file

@ -52,17 +52,26 @@ in {
};
config = rec {
networking.firewall = {
allowedUDPPorts =
[
allowedUDPPorts = [
currentHost.wg.port_v4
currentHost.wg.port_v6
]
];
# UPnP broadcast responses
++ (
# credits: https://github.com/NixOS/nixpkgs/issues/161328
extraPackages =
if cfg.enable_upnp_portforward
then [1900]
else []
);
then [pkgs.ipset]
else [];
extraCommands =
if cfg.enable_upnp_portforward
then ''
if ! ipset --quiet list upnp; then
ipset create upnp hash:ip,port timeout 3
fi
iptables -A OUTPUT -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j SET --add-set upnp src,src --exist
iptables -A nixos-fw -p udp -m set --match-set upnp dst,dst -j nixos-fw-accept
''
else "";
};
networking.wireguard.interfaces.wg0 = {