
feat: nftables

+33 -1
+1 -1
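--- a/hosts/bluepill-proxy/services/caddy.nix
+++ b/hosts/bluepill-proxy/services/caddy.nix
@@ -1,5 +1,5 @@
 {...}: {
-  networking.firewall.allowedTCPPorts = [22 80 443];
+  networking.firewall.allowedTCPPorts = [80 443];
 
   services.caddy = {
     enable = true;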
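Review bot: Dropping 22 from `allowedTCPPorts` means nothing in this commit opens SSH on the proxy any more — the new nftables.nix only lists the game ports — so remote access now rests on `services.openssh.openFirewall` (which defaults to true) or on reaching the host over the private network the 100.64.0.0/10 addresses in nftables.nix suggest. If that is intentional, record it next to the list, e.g. `# 22 is opened by services.openssh.openFirewall; not exposed here`, so the next edit does not re-add or silently lose it. The `services.caddy` block continues outside the hunk.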
+32
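--- /dev/null
+++ b/hosts/bluepill-proxy/services/nftables.nix
@@ -0,0 +1,32 @@
+{pkgs, ...}: {
+  networking.sysctl = {
+    "net.ipv4.ip_forward" = 1;
+    "net.ipv6.conf.all.forwarding" = 1;
+  };
+
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [25565];
+    allowedUDPPorts = [25565 24454 19132];
+  };
+
+  networking.nftables = {
+    enable = true;
+    extraRules = ''
+      table ip nat {
+        chain prerouting {
+          type nat hook prerouting priority dstnat; policy accept;
+          tcp dport 25565 dnat to 100.109.134.42:25565;
+          udp dport 25565 dnat to 100.109.134.42:25565;
+          udp dport 24454 dnat to 100.109.134.42:24454;
+          udp dport 19132 dnat to 100.109.134.42:19132;
+        }
+
+        chain postrouting {
+          type nat hook postrouting priority srcnat; policy accept;
+          ip daddr 100.109.134.42 snat to 100.108.47.83;
+        }
+      }
+    '';
+  };
+}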
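Review bot: Setting `net.ipv4.ip_forward = 1` makes this host route between all of its interfaces, but nothing in the hunk filters the forward path, so the `allowedTCPPorts`/`allowedUDPPorts` entries do not gate the DNAT'd traffic and any other routable traffic passes as well; `networking.firewall.filterForward = true` (off by default, and as far as I recall only effective with the nftables backend enabled here) would restrict forwarding to established flows and the DNAT'd ports. `net.ipv6.conf.all.forwarding = 1` has no matching IPv6 NAT rule in this file and can be dropped until one exists. `snat to 100.108.47.83` hard-codes the proxy's own address, so it silently breaks if that address changes; `ip daddr 100.109.134.42 masquerade;` follows the egress interface address instead. Either way the backend at 100.109.134.42 sees every client as 100.108.47.83, which a comment above `extraRules` should state (along with what each of the two addresses is), since per-client bans or rate limits on the game server will not work behind this proxy.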