hosts/carbon: Don't send IPv4 to ppp tunnel

2025-11-21 18:33:42 +01:00
parent a5125e92a6
commit bd1716eb23
1 changed files with 6 additions and 0 deletions
--- a/hosts/carbon/ppp-ncfttb.nix
+++ b/hosts/carbon/ppp-ncfttb.nix
@@ -60,4 +60,10 @@
    ip46tables -t mangle -A forward-mangle -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
  '';

+  networking.firewall.extraCommands = ''
+    # Reject all IPv4 traffic that tries to enter and leave the PPP tunnel
+    iptables -I INPUT -i ppp-ncfttb -j DROP
+    iptables -I OUTPUT -o ppp-ncfttb -j DROP
+  '';
+
 }