Jules/nixos-config
1
0
Fork 0
forked from Bun/nixos-config
Code Pull requests Activity

Properly force the VPN SMTP thing

Browse source
This commit is contained in:
Jimbo 2024-09-18 13:49:57 -04:00
parent 17e384265c
commit 7ae06caef8
2 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
nixos/server/firewall.nix
View file

@ -5,6 +5,7 @@
# Configure firewall
networking = let
ips = import ../modules/ips.nix;
mailPorts = "{ 25, 143, 465, 587, 993, 4190 }";
in {
firewall = {
allowPing = false;
@ -13,6 +14,7 @@
extraInputRules = ''
ip saddr ${ips.localSpan}.0/24 tcp dport 2049 accept comment "Accept NFS"
ip saddr { ${ips.pc}, ${outputs.secrets.lunaIP}, ${outputs.secrets.cornIP}, ${outputs.secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
ip saddr ${ips.wgSpan}.3 tcp dport ${mailPorts} accept comment "Accept mail"
'';
};
@ -45,6 +47,7 @@
type nat hook postrouting priority 100; policy accept;
oifname "${ips.netInt}" masquerade
iifname "${ips.netInt}" oifname "${ips.wgInt}" masquerade comment "Traffic from public to WireGuard"
tcp dport ${mailPorts} oifname != "${ips.wgInt}" drop comment "Send mail"
}
'';
};