modules/wireguard-initrd: fix routing policy

2023-10-12 22:17:25 +02:00 · 2023-10-12 22:17:25 +02:00 · 18f67dff98
commit 18f67dff98
parent 2e390e9ef9
1 changed files with 6 additions and 6 deletions
--- a/modules/wireguard-initrd/default.nix
+++ b/modules/wireguard-initrd/default.nix
@ -58,16 +58,16 @@ in
        persistent-keepalive "25" \
        allowed-ips "0.0.0.0/0,::/0,10.20.30.0/24,2a01:4f8:c0c:15f1::/113"

-      ip route add "::/0" dev "wg-initrd" table 1337
-      ip route add "0.0.0.0/0" dev "wg-initrd" table 1337
+      #ip route add "::/0" dev "wg-initrd" table 1337
+      #ip route add "0.0.0.0/0" dev "wg-initrd" table 1337


      ${concatMapStringsSep "\n" (ip: ''
        ip -6 rule add from "${ip}" lookup 1337 prio 19000
        ip -6 rule add from "${ip}" unreachable prio 19001
      '') cfg.ipv6s}
-      ip -6 rule add from "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 lookup main prio 20000
-      ip -6 rule add from "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 unreachable prio 20001
+      ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 lookup main prio 20000
+      ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 unreachable prio 20001
      ip -6 rule add lookup main prio 21000
      ip -6 rule add lookup 1337 prio 21001
      ip -6 rule add unreachable prio 21000
@ -77,8 +77,8 @@ in
        ip -4 rule add from "${ip}" lookup 1337 prio 19000
        ip -4 rule add from "${ip}" unreachable prio 19001
      '') cfg.ipv4s}
-      ip -4 rule add from "78.47.183.82/32" ipproto udp dport 51820 lookup main prio 20000
-      ip -4 rule add from "78.47.183.82/32" ipproto udp dport 51820 unreachable prio 20001
+      ip -4 rule add to "78.47.183.82/32" ipproto udp dport 51820 lookup main prio 20000
+      ip -4 rule add to "78.47.183.82/32" ipproto udp dport 51820 unreachable prio 20001
      ip -4 rule add lookup main prio 21000
      ip -4 rule add lookup 1337 prio 21001
      ip -4 rule add unreachable prio 21000