Commit `0aa2f675cdd9`

Vincent Demeester <vincent@sbr.pm>

2022-04-15 14:14:33

modules/wireguard: add an additional iptables

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

main

1 parent b76e416

Changed files (1)

systems

modules

profiles

wireguard.server.nix

@@ -22,6 +22,7 @@ in
     boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
     networking.firewall.extraCommands = ''
       iptables -t nat -A POSTROUTING -s10.100.0.0/24 -j MASQUERADE
+      iptables -A FORWARD -i wg+ -j ACCEPT
     '';
     networking.firewall.allowedUDPPorts = [ 51820 ];
     networking.firewall.trustedInterfaces = [ "wg0" ];

Commit 0aa2f675cdd9

Commit `0aa2f675cdd9`