authorKenny Ballou <kballou@devnulllabs.io>2019-07-18 05:58:12 -0600
committerKenny Ballou <kballou@devnulllabs.io>2019-07-18 05:58:12 -0600
commit31647a4ced806823571f7c4d0f200389bea05d55 (patch)
tree376dbf4941e67afad619f934ac2b272cb4e8bcec /services
parentcace371fa291bffd48ea3310a496762a9ba29559 (diff)
firewall: add docker masquerade and forward rules
Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
Diffstat (limited to 'services')
-rw-r--r--services/nftables-rules.nft6
1 files changed, 6 insertions, 0 deletions
diff --git a/services/nftables-rules.nft b/services/nftables-rules.nft
index 3635100..e4d9491 100644
--- a/services/nftables-rules.nft
+++ b/services/nftables-rules.nft
@@ -18,6 +18,8 @@ table inet filter {
chain forward {
type filter hook forward priority 0; policy drop;
ct state established,related counter accept
+ ip saddr 172.16.0.0/12 ip daddr 172.16.0.0/12 counter accept
+ iifname docker0 oifname != docker counter accept
counter
}
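Review bot: The `oifname != docker` test on the second added line can never exclude anything, because the bridge is named `docker0` (as the same rule's `iifname` shows), so the rule reduces to `iifname docker0 counter accept` and forwards container traffic to every interface, including back onto docker0 and onto any other network this host happens to route. If the intent is to let containers out through the uplinks only, match those explicitly: `iifname docker0 oifname { enp0s25, wlp2s0 } counter accept`. The preceding `ip saddr 172.16.0.0/12 ip daddr 172.16.0.0/12 counter accept` also carries no interface qualifier, so any 172.16/12 source arriving on the uplinks can be forwarded toward the containers; if the bridge uses Docker's default 172.17.0.0/16, narrowing the prefix and adding `iifname docker0` limits that. Docker's own iptables rules, if the daemon still manages them, apply alongside this table and are not visible in this diff.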
@@ -60,6 +62,8 @@ table ip nat {
}
chain postrouting {
type nat hook postrouting priority 100;
+ ip saddr 172.16.0.0/12 oifname enp0s25 counter masquerade
+ ip saddr 172.16.0.0/12 oifname wlp2s0 counter masquerade
counter
}
}
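Review bot: Both masquerade rules key only on `ip saddr 172.16.0.0/12` and the egress interface, so any packet with a 172.16/12 source that leaves via enp0s25 or wlp2s0 is rewritten regardless of which interface it arrived on; adding `iifname docker0` (usable in postrouting for forwarded packets) ties the NAT to the bridge. The two lines can also be merged with an interface set: `iifname docker0 ip saddr 172.16.0.0/12 oifname { enp0s25, wlp2s0 } counter masquerade`. The /12 is wider than Docker's default bridge subnet (172.17.0.0/16); unless the daemon is configured for a larger address pool, matching the actual bridge prefix keeps the rule from masquerading unrelated RFC 1918 traffic that transits this host.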
@@ -71,6 +75,8 @@ table ip6 nat {
}
chain postrouting {
type nat hook postrouting priority 100;
+ ip6 saddr fcdd::/48 oifname enp0s25 counter masquerade
+ ip6 saddr fcdd::/48 oifname wlp2s0 counter masquerade
counter
}
}
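Review bot: `fcdd::/48` lies in fc00::/8, the half of fc00::/7 that RFC 4193 leaves undefined (L bit 0); locally assigned ULA prefixes are drawn from fd00::/8, so if this range was self-chosen it should be an `fdxx::/48` with a random global ID, and whatever prefix is used must agree with the `fixed-cidr-v6` Docker was given, which this diff does not show. As with the IPv4 rules there is no `iifname docker0` qualifier, so any fcdd::/48 source leaving the uplinks is masqueraded; `iifname docker0 ip6 saddr fcdd::/48 oifname { enp0s25, wlp2s0 } counter masquerade` scopes it to the bridge and collapses the two lines. A one-line comment above the rule naming where the prefix comes from, e.g. `# must match docker daemon fixed-cidr-v6`, would save the next reader the same question.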