Put in earplugs

This commit is contained in:
nik gaffney 2024-01-24 16:44:22 +01:00
parent 22b47669f3
commit bf71b596e5
Signed by: nik
GPG key ID: 989F5E6EDB478160
2 changed files with 34 additions and 9 deletions

View file

@ -221,7 +221,14 @@ use dovecot for local IMAP
#+BEGIN_SRC scheme :session #+BEGIN_SRC scheme :session
(service iptables-service-type (service iptables-service-type
(iptables-configuration (iptables-configuration
(ipv4-rules (plain-file "iptables.rules" "*filter (ipv4-rules (plain-file "iptables.rules"
"*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -o en0 -j MASQUERADE
,*filter
:INPUT ACCEPT :INPUT ACCEPT
:FORWARD ACCEPT :FORWARD ACCEPT
:OUTPUT ACCEPT :OUTPUT ACCEPT
@ -238,11 +245,11 @@ SMB
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 445 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 445 -j ACCEPT
#+end_src #+end_src
wireguard wireguard
#+BEGIN_SRC scheme #+BEGIN_SRC scheme
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT -A FORWARD -i wg0 -j ACCEPT
-A POSTROUTING -o wlp1s0 -j MASQUERADE
#+end_src #+end_src
#+BEGIN_SRC scheme #+BEGIN_SRC scheme
@ -250,7 +257,14 @@ wireguard
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT COMMIT
")) "))
(ipv6-rules (plain-file "ip6tables.rules" "*filter (ipv6-rules (plain-file "ip6tables.rules"
"*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -o en0 -j MASQUERADE
*filter
:INPUT ACCEPT :INPUT ACCEPT
:FORWARD ACCEPT :FORWARD ACCEPT
:OUTPUT ACCEPT :OUTPUT ACCEPT
@ -272,7 +286,6 @@ wireguard
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT -A FORWARD -i wg0 -j ACCEPT
-A POSTROUTING -o wlp1s0 -j MASQUERADE
#+end_src #+end_src
#+BEGIN_SRC scheme #+BEGIN_SRC scheme

View file

@ -1,6 +1,6 @@
;; -*- mode: scheme; coding: utf-8; -*- ;; -*- mode: scheme; coding: utf-8; -*-
;; ;;
;; tangled from framework13-system.org on 2024-01-24 15:51:00+01:00) ;; tangled from framework13-system.org on 2024-01-24 16:44:03+01:00)
(use-modules (gnu) (use-modules (gnu)
(gnu packages) (gnu packages)
@ -125,7 +125,14 @@
(service iptables-service-type (service iptables-service-type
(iptables-configuration (iptables-configuration
(ipv4-rules (plain-file "iptables.rules" "*filter (ipv4-rules (plain-file "iptables.rules"
"*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -o en0 -j MASQUERADE
*filter
:INPUT ACCEPT :INPUT ACCEPT
:FORWARD ACCEPT :FORWARD ACCEPT
:OUTPUT ACCEPT :OUTPUT ACCEPT
@ -142,13 +149,19 @@
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT -A FORWARD -i wg0 -j ACCEPT
-A POSTROUTING -o wlp1s0 -j MASQUERADE
-A INPUT -j REJECT --reject-with icmp-port-unreachable -A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT COMMIT
")) "))
(ipv6-rules (plain-file "ip6tables.rules" "*filter (ipv6-rules (plain-file "ip6tables.rules"
"*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -o en0 -j MASQUERADE
*filter
:INPUT ACCEPT :INPUT ACCEPT
:FORWARD ACCEPT :FORWARD ACCEPT
:OUTPUT ACCEPT :OUTPUT ACCEPT
@ -165,7 +178,6 @@ COMMIT
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT -A FORWARD -i wg0 -j ACCEPT
-A POSTROUTING -o wlp1s0 -j MASQUERADE
-A INPUT -j REJECT --reject-with icmp6-port-unreachable -A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP