peprolinbot/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Fix the wireguard problems for good

Browse source
This commit is contained in:
Pedro Rey Anca 2025-03-18 18:45:23 +01:00
parent 5f3c337091
commit 4b31600f45
Signed by: peprolinbot
GPG key ID: 053EA6E00116533A
1 changed files with 1 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
modules/core/network.nix
View file

@ -12,21 +12,7 @@
# ]; # ];
### https://nixos.wiki/wiki/WireGuard#Setting_up_WireGuard_with_NetworkManager ### https://nixos.wiki/wiki/WireGuard#Setting_up_WireGuard_with_NetworkManager
# if packets are still dropped, they will show up in dmesg checkReversePath = "loose";
logReversePathDrops = true;
# wireguard trips rpfilter up
extraCommands = ''
iptables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
ip6tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
iptables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
ip6tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
'';
extraStopCommands = ''
iptables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
ip6tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
iptables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
ip6tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
'';
}; };
}; };