diff options
| author | sinanmohd <sinan@sinanmohd.com> | 2024-01-29 20:27:43 +0530 | 
|---|---|---|
| committer | sinanmohd <sinan@sinanmohd.com> | 2024-01-29 21:18:13 +0530 | 
| commit | 26dec78b3169960b2daa8d324ef7af47100337e4 (patch) | |
| tree | 8090364b66dc4907a37681d19ce256205baa46cb /hosts/kay | |
| parent | 756549f01053cff8e32bacc1250c8191297a39c1 (diff) | |
kay/network/he: always accept 6in4 tunnels from he remote
Diffstat (limited to 'hosts/kay')
| -rw-r--r-- | hosts/kay/modules/hurricane.nix | 9 | 
1 files changed, 3 insertions, 6 deletions
| diff --git a/hosts/kay/modules/hurricane.nix b/hosts/kay/modules/hurricane.nix index b32601c..7988c63 100644 --- a/hosts/kay/modules/hurricane.nix +++ b/hosts/kay/modules/hurricane.nix @@ -24,6 +24,9 @@ in        enable = true;        rttablesExtraConfig = "200 hurricane";      }; + +    firewall.extraCommands = +      "iptables -A INPUT --proto 41 --source ${remote} --jump ACCEPT";    };    sops.secrets = { @@ -84,12 +87,6 @@ in        done        ip tunnel change ${iface} local "$wan_ip" mode sit - -      # for unknown reason gateway don't seems to know where to route -      # incoming traffic if we do not ping the gateway after ip change -      while ! ping -c1 ${gateway}; do -          sleep 1 -      done      '';    };  } | 
