hosts/carbon: block incoming connections

modules/clerie-firewall: enable connection tracking
2023-02-03 01:02:13 +01:00 · 2023-02-03 00:49:56 +01:00
2 changed files with 3 additions and 1 deletions
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -247,7 +247,6 @@
  clerie.firewall.extraForwardFilterCommands = ''
    ip46tables -A forward-filter -i enp1s0.202 -o ppp-ntvdsl -j ACCEPT
    ip46tables -A forward-filter -i enp1s0.202 -j DROP
-    ip46tables -A forward-filter -i ppp-ntvdsl -o enp1s0.202 -j ACCEPT
    ip46tables -A forward-filter -o enp1s0.202 -j DROP
  '';
  clerie.firewall.extraForwardMangleCommands = ''
--- a/modules/clerie-firewall/default.nix
+++ b/modules/clerie-firewall/default.nix
@@ -24,6 +24,9 @@ let

    ip46tables -N forward-filter

+    # Allow packets from existing connections
+    ip46tables -A forward-filter -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
    ${cfg.extraForwardFilterCommands}

    ip46tables -A FORWARD -j forward-filter
Author	SHA1	Message	Date
clerie	230cd17208	hosts/carbon: block incoming connections	2023-02-03 01:02:13 +01:00
clerie	7f84597b56	modules/clerie-firewall: enable connection tracking	2023-02-03 00:49:56 +01:00