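# NixOS module: installs the WireGuard tooling, enables IPv4/IPv6 forwarding,
# and opens the host firewall for BGP (TCP 179), OSPF and GRE.
{ pkgs, ... }:

{
  environment.systemPackages = with pkgs; [
    wireguard-tools
  ];

  # Forward packets between interfaces for both address families.
  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = true;
    "net.ipv6.conf.all.forwarding" = true;
  };

  # Reverse-path filtering is disabled outright, so packets with spoofed
  # source addresses are no longer dropped by the firewall on a host that
  # also forwards traffic.
  # NOTE(review): presumably needed for asymmetric routing; check whether
  # "loose" is sufficient before keeping this fully off.
  networking.firewall.checkReversePath = false;

  networking.firewall.allowedTCPPorts = [
    # Open firewall for BGP.
    # NOTE(review): this exposes the port on every interface; consider
    # networking.firewall.interfaces.<name>.allowedTCPPorts so only the
    # peering links accept BGP.
    179
  ];

  networking.firewall.extraCommands = ''
    # These rules are appended to the firewall module's own nixos-fw chain
    # rather than to INPUT. nixos-fw is flushed and rebuilt every time the
    # firewall is (re)started, so rules neither pile up as duplicates nor stay
    # active after they have been removed from this file.
    # NOTE(review): both protocols are accepted from any source on any
    # interface; add "-i <peering-interface>" or "-s <peer-address>" matches
    # once the peers are fixed.

    # Open firewall for OSPF
    ip6tables -A nixos-fw -p ospfigp -j nixos-fw-accept
    iptables -A nixos-fw -p ospfigp -j nixos-fw-accept
    # Open firewall for GRE
    ip6tables -A nixos-fw -p gre -j nixos-fw-accept
    iptables -A nixos-fw -p gre -j nixos-fw-accept
  '';
}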