chayleaf/dotfiles
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

router: enable ipv6 forwarding in wan netns

Browse source
This commit is contained in:
chayleaf 2024-07-14 06:41:26 +07:00
parent 2bdbbafbb0
commit a6a9b5be12
Signed by: chayleaf
GPG key ID: 78171AD46227E68E
2 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
flake.lock
View file

@ -510,11 +510,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720021052, "lastModified": 1720913908,
"narHash": "sha256-tu8IQn8Kj7S0xRg0L2ej7S65FzXqSX7LI7M2pbLdQJU=", "narHash": "sha256-AZ0AcL1ze6gS8EmwRpuR04MXCLb/NDLjp9n+Gs4IhFQ=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "nixos-router", "repo": "nixos-router",
"rev": "4c132c4c5fc09b3c3317b960ec1533c4a5ebe41f", "rev": "38088dc1745350db709e9f2cf777979b5217f671",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
system/hosts/router/default.nix
View file

@ -718,6 +718,10 @@ in {
]; ];
}; };
router.networkNamespaces.wan = { router.networkNamespaces.wan = {
sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
};
# this is the even more boring nftables config # this is the even more boring nftables config
nftables.jsonRules = let nftables.jsonRules = let
wans = [ "wan" ] ++ lib.optional (cfg.vpn.tunnel.mode == "sit") "sittun0"; wans = [ "wan" ] ++ lib.optional (cfg.vpn.tunnel.mode == "sit") "sittun0";