nixfiles/configuration/router/default.nix

{ pkgs, ... }:

{
  environment.systemPackages = with pkgs; [
    wireguard-tools
    tcpdump
  ];

  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = true;
    "net.ipv6.conf.all.forwarding" = true;
  };

  networking.firewall.checkReversePath = false;

  networking.firewall.allowedTCPPorts = [
    # Open Firewall for BGP
    179
  ];

  networking.firewall.extraCommands = ''
    # Open fireall for OSPF
    ip46tables -A nixos-fw -p ospfigp -j nixos-fw-accept
    # Open firewall for GRE
    ip46tables -A nixos-fw -p gre -j nixos-fw-accept
  '';
}