lynatic/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix upnp firewall rules

Browse source
This commit is contained in:
Lyn 2025-01-15 14:12:48 +01:00
parent 6fd0215a19
commit e57864649e
1 changed files with 20 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
modules/services/mkMesh.nix
View file

@ -52,17 +52,26 @@ in {
}; };
config = rec { config = rec {
networking.firewall = { networking.firewall = {
allowedUDPPorts = allowedUDPPorts = [
[
currentHost.wg.port_v4 currentHost.wg.port_v4
currentHost.wg.port_v6 currentHost.wg.port_v6
] ];
# UPnP broadcast responses # UPnP broadcast responses
++ ( # credits: https://github.com/NixOS/nixpkgs/issues/161328
if cfg.enable_upnp_portforward extraPackages =
then [1900] if enableUPnP
else [] then [pkgs.ipset]
); else [];
extraCommands =
if enableUPnP
then ''
if ! ipset --quiet list upnp; then
ipset create upnp hash:ip,port timeout 3
fi
iptables -A OUTPUT -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j SET --add-set upnp src,src --exist
iptables -A nixos-fw -p udp -m set --match-set upnp dst,dst -j nixos-fw-accept
''
else "";
}; };
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {