author | Kenny Ballou <kballou@devnulllabs.io> | 2019-07-18 05:58:12 -0600 |
committer | Kenny Ballou <kballou@devnulllabs.io> | 2019-07-18 05:58:12 -0600 |
commit | 31647a4ced806823571f7c4d0f200389bea05d55 (patch) | |
tree | 376dbf4941e67afad619f934ac2b272cb4e8bcec /services | |
parent | cace371fa291bffd48ea3310a496762a9ba29559 (diff) | |
firewall: add docker masquerade and forward rules
Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
Diffstat (limited to 'services')
-rw-r--r-- | services/nftables-rules.nft | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/services/nftables-rules.nft b/services/nftables-rules.nft
index 3635100..e4d9491 100644
--- a/services/nftables-rules.nft
+++ b/services/nftables-rules.nft
@@ -18,6 +18,8 @@ table inet filter {
 chain forward {
 type filter hook forward priority 0; policy drop;
 ct state established,related counter accept
+ ip saddr 172.16.0.0/12 ip daddr 172.16.0.0/12 counter accept
+ iifname docker0 oifname != docker counter accept
 counter
 }
@@ -60,6 +62,8 @@ table ip nat {
 }
 chain postrouting {
 type nat hook postrouting priority 100;
+ ip saddr 172.16.0.0/12 oifname enp0s25 counter masquerade
+ ip saddr 172.16.0.0/12 oifname wlp2s0 counter masquerade
 counter
 }
 }
@@ -71,6 +75,8 @@ table ip6 nat {
 }
 chain postrouting {
 type nat hook postrouting priority 100;
+ ip6 saddr fcdd::/48 oifname enp0s25 counter masquerade
+ ip6 saddr fcdd::/48 oifname wlp2s0 counter masquerade
 counter
 }
 }
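Review bot: In the first hunk, `iifname docker0 oifname != docker counter accept` compares the egress interface against the literal name "docker", which no interface on the host carries, so the negation always succeeds and the rule accepts every packet entering from docker0 toward any interface and any destination, regardless of address family. If the intent was to keep bridge-to-bridge traffic off this rule, the name must be exact, `iifname docker0 oifname != "docker0" counter accept`, or a wildcard such as `oifname != "docker*"` where the installed nftables supports wildcard interface matches. Note that this rule is also broader than the `ip saddr 172.16.0.0/12 ip daddr 172.16.0.0/12` rule before it, so the narrower rule is only reached for packets that do not arrive on docker0; a comment stating which traffic each rule is meant to cover would make the chain easier to audit. The enclosing `table inet filter` begins before this hunk.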