router: misc dnat changes
parent
36ab46439a
commit
bef5b3f86d
|
@ -749,7 +749,7 @@ in {
|
||||||
# SSH
|
# SSH
|
||||||
[(is.eq meta.l4proto (f: f.tcp)) (is.eq tcp.dport 23) accept]
|
[(is.eq meta.l4proto (f: f.tcp)) (is.eq tcp.dport 23) accept]
|
||||||
# wg1
|
# wg1
|
||||||
[(is.eq meta.l4proto (f: f.udp)) (is.eq udp.dport 854) accept]
|
[(is.eq meta.l4proto (f: with f; set [ udp tcp ])) (is.eq th.dport (set [ 854 855 ])) accept]
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
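Review bot: The rewritten wg1 rule accepts every combination of its two sets, TCP and UDP on both 854 and 855, while the `# wg1` comment still describes a single WireGuard listener, and WireGuard only uses UDP. If the intent is UDP 854 for wg1 plus one other service on 855 (the commit title suggests DNAT, but no DNAT rule is visible in this hunk), keeping `[(is.eq meta.l4proto (f: f.udp)) (is.eq udp.dport 854) accept]` and adding one narrowly scoped rule for the second service avoids accepting protocol/port pairs that nothing should be listening on. At minimum the comment should say what 855 and the TCP side are for, e.g. `# wg1 (udp/854) + <service> (tcp+udp/855)`. The rule list this line belongs to starts outside the hunk, so the chain and its default policy cannot be checked from here.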
|
||||||
|
@ -935,7 +935,7 @@ in {
|
||||||
socketNamespace = "wan";
|
socketNamespace = "wan";
|
||||||
peers = lib.flip lib.imap0 cfg.wgPubkeys (i: publicKey: {
|
peers = lib.flip lib.imap0 cfg.wgPubkeys (i: publicKey: {
|
||||||
inherit publicKey;
|
inherit publicKey;
|
||||||
allowedIPs = [ "${addToIp parsedAddr4 (1 + i)}/32" "${addToIp parsedAddr6 (2 + i)}/128" ];
|
allowedIPs = [ "${addToIp parsedAddr4 (1 + i)}/32" "${addToIp parsedAddr6 (1 + i)}/128" ];
|
||||||
presharedKeyFile = "/secrets/wg1/wg_psk${toString i}";
|
presharedKeyFile = "/secrets/wg1/wg_psk${toString i}";
|
||||||
});
|
});
|
||||||
};
|
};
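Review bot: The IPv6 entry in `allowedIPs` now uses offset `(1 + i)` like the IPv4 one, but nothing near the line says what the offset is relative to or why it was `(2 + i)` before. Because `allowedIPs` binds each peer key to the source addresses it may use, it is worth confirming that `parsedAddr6 + 1` is not already assigned elsewhere (for example to the router itself). Existing peers' own interface addresses also need updating to match, otherwise wg1 will drop their IPv6 traffic. A short comment above the line such as `# peer i owns base+1+i in both address families` would record the scheme. The enclosing interface definition starts outside the hunk.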
|
||||||
|
|