clerie/nixfiles
1
0
Fork 0
Code

modules/wireguard-initrd: fix udp option for ipproto in ip rule

Browse Source
This commit is contained in:
clerie 2023-11-05 15:17:54 +01:00
parent 111ebefd1d
commit 8e98e29e97
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
modules/wireguard-initrd/default.nix
View File

@ -58,16 +58,21 @@ in
persistent-keepalive "25" \ persistent-keepalive "25" \
allowed-ips "0.0.0.0/0,::/0,10.20.30.0/24,2a01:4f8:c0c:15f1::/113" allowed-ips "0.0.0.0/0,::/0,10.20.30.0/24,2a01:4f8:c0c:15f1::/113"
#ip route add "::/0" dev "wg-initrd" table 1337 ip route add "::/0" dev "wg-initrd" table 1337
#ip route add "0.0.0.0/0" dev "wg-initrd" table 1337 ip route add "0.0.0.0/0" dev "wg-initrd" table 1337
# Error: Argument "udp" is wrong: Invalid "ipproto" value
# For some reason ip rule does not recognize "udp" as a value for "ipproto" in initrd,
# so we pass the numeric value for it manually
# This is from linux/include/uapi/linux/in.h
IPPROTO_UDP=17
${concatMapStringsSep "\n" (ip: '' ${concatMapStringsSep "\n" (ip: ''
ip -6 rule add from "${ip}" lookup 1337 prio 19000 ip -6 rule add from "${ip}" lookup 1337 prio 19000
ip -6 rule add from "${ip}" unreachable prio 19001 ip -6 rule add from "${ip}" unreachable prio 19001
'') cfg.ipv6s} '') cfg.ipv6s}
ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 lookup main prio 20000 ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto $IPPROTO_UDP dport 51820 lookup main prio 20000
ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 unreachable prio 20001 ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto $IPPROTO_UDP dport 51820 unreachable prio 20001
ip -6 rule add lookup main prio 21000 ip -6 rule add lookup main prio 21000
ip -6 rule add lookup 1337 prio 21001 ip -6 rule add lookup 1337 prio 21001
ip -6 rule add unreachable prio 21000 ip -6 rule add unreachable prio 21000
@ -77,8 +82,8 @@ in
ip -4 rule add from "${ip}" lookup 1337 prio 19000 ip -4 rule add from "${ip}" lookup 1337 prio 19000
ip -4 rule add from "${ip}" unreachable prio 19001 ip -4 rule add from "${ip}" unreachable prio 19001
'') cfg.ipv4s} '') cfg.ipv4s}
ip -4 rule add to "78.47.183.82/32" ipproto udp dport 51820 lookup main prio 20000 ip -4 rule add to "78.47.183.82/32" ipproto $IPPROTO_UDP dport 51820 lookup main prio 20000
ip -4 rule add to "78.47.183.82/32" ipproto udp dport 51820 unreachable prio 20001 ip -4 rule add to "78.47.183.82/32" ipproto $IPPROTO_UDP dport 51820 unreachable prio 20001
ip -4 rule add lookup main prio 21000 ip -4 rule add lookup main prio 21000
ip -4 rule add lookup 1337 prio 21001 ip -4 rule add lookup 1337 prio 21001
ip -4 rule add unreachable prio 21000 ip -4 rule add unreachable prio 21000