fix firewall config

2022-12-08 12:19:42 +01:00 · 2022-12-08 12:19:42 +01:00 · 1b9572e04d
parent d631c044a1
commit 1b9572e04d
2 changed files with 3 additions and 11 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -157,17 +157,8 @@

  # wireguard settings
  networking.firewall = {
-    # if packets are still dropped, they will show up in dmesg
-    logReversePathDrops = true;
-    # wireguard trips rpfilter up
-    extraCommands = ''
-      ip46tables -t raw -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
-      ip46tables -t raw -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
-    '';
-    extraStopCommands = ''
-      ip46tables -t raw -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
-      ip46tables -t raw -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
-    '';
+    allowedUDPPorts = [ 51820 ];
+    enable = true;
  };

  # This value determines the NixOS release from which the default
--- a/user.nix
+++ b/user.nix
@ -35,6 +35,7 @@
      mpv
      yt-dlp
      obs-studio
+      ffmpeg

      # images
      feh