2020-12-07 15:19:02 +01:00
|
|
|
{ pkgs, ... }:
|
2020-12-07 15:14:33 +01:00
|
|
|
|
|
|
|
{
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
wireguard-tools
|
2021-08-29 12:45:44 +02:00
|
|
|
tcpdump
|
2020-12-07 15:14:33 +01:00
|
|
|
];
|
2020-12-07 15:41:43 +01:00
|
|
|
|
2020-12-15 18:15:50 +01:00
|
|
|
boot.kernel.sysctl = {
|
|
|
|
"net.ipv4.ip_forward" = true;
|
|
|
|
"net.ipv6.conf.all.forwarding" = true;
|
|
|
|
};
|
|
|
|
|
2021-01-13 13:55:11 +01:00
|
|
|
networking.firewall.checkReversePath = false;
|
|
|
|
|
2021-01-10 22:28:50 +01:00
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
|
|
# Open Firewall for BGP
|
|
|
|
179
|
|
|
|
];
|
|
|
|
|
2020-12-15 18:15:50 +01:00
|
|
|
networking.firewall.extraCommands = ''
|
2021-01-10 22:28:50 +01:00
|
|
|
# Open fireall for OSPF
|
|
|
|
ip6tables -A INPUT -p ospfigp -j ACCEPT
|
|
|
|
iptables -A INPUT -p ospfigp -j ACCEPT
|
|
|
|
# Open firewall for GRE
|
|
|
|
ip6tables -A INPUT -p gre -j ACCEPT
|
|
|
|
iptables -A INPUT -p gre -j ACCEPT
|
2020-12-15 18:15:50 +01:00
|
|
|
'';
|
2020-12-07 15:14:33 +01:00
|
|
|
}
|