commit 0aa2f675cdd9485cef573b302c56f7969c8cd05d
parent b76e41695f1cb3e02c19429062fbb79eff9273c5
Author: Vincent Demeester <vincent@sbr.pm>
Date: Fri, 15 Apr 2022 14:14:33 +0200
modules/wireguard: add an additional iptables
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
1 file changed, 1 insertion(+), 0 deletions(-)
diff --git a/systems/modules/profiles/wireguard.server.nix b/systems/modules/profiles/wireguard.server.nix
@@ -22,6 +22,7 @@ in
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.firewall.extraCommands = ''
iptables -t nat -A POSTROUTING -s10.100.0.0/24 -j MASQUERADE
+ iptables -A FORWARD -i wg+ -j ACCEPT
'';
networking.firewall.allowedUDPPorts = [ 51820 ];
networking.firewall.trustedInterfaces = [ "wg0" ];
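Review bot: The added `iptables -A FORWARD -i wg+ -j ACCEPT` accepts forwarding from every interface whose name starts with `wg` to any destination, while the rest of the hunk only names `wg0` and the 10.100.0.0/24 tunnel range, so a peer can reach whatever networks this host routes to, not only the masqueraded uplink. Consider scoping it to the tunnel, e.g. `iptables -A FORWARD -i wg0 -s 10.100.0.0/24 -o <uplink-interface> -j ACCEPT` (placeholder for the outbound interface), with a comment stating which destinations peers are meant to reach. Both rules are added with `-A` inside `networking.firewall.extraCommands`, which is re-run on firewall reloads, so they presumably accumulate as duplicates unless matching `-D` lines exist in `networking.firewall.extraStopCommands` outside this hunk. The enclosing attribute set starts and ends outside the hunk.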