~magic_rb/dotfiles

6fdfe3511a1f8e5c15edc239d45fbf1b8993a9f0 — Magic_RB 8 months ago 1b63b0a
Rename stubby to dnscrypt-proxy2 in nftables comment on blowhole

Signed-off-by: Magic_RB <magic_rb@redalder.org>
1 files changed, 1 insertions(+), 1 deletions(-)

M nixos/systems/blowhole/firewall.nix
M nixos/systems/blowhole/firewall.nix => nixos/systems/blowhole/firewall.nix +1 -1
@@ 158,7 158,7 @@ in
              type filter hook input priority 0; policy drop;

              tcp dport 22 accept comment "Accept SSH traffic always"
              iifname != "lo" tcp dport 5353 drop comment "Drop traffic to stubby always except for localhost to localhost traffic"
              iifname != "lo" tcp dport 5353 drop comment "Drop traffic to dnscrypt-proxy always except for localhost to localhost traffic"

              iifname { "nomad", "ve-monitor", "ve-klipper" } oifname { "nomad", "ve-monitor", "ve-klipper" } accept comment "Allow Nomad to do whatever it wants in its interface"
              iifname { "${wlan}", "${lan}", "lo" } accept comment "Allow local network to access the router"