newedge/liminix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add service to enable packet forwarding

Browse Source 
might be worth looking into adding RA config to this
This commit is contained in:
Daniel Barlow
2023-09-01 17:34:47 +01:00
parent ef666c34cd
commit 7ad848cb77
5 changed files with 40 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
examples/extneder.nix
View File

@@ -43,7 +43,9 @@ in rec {
IP6_NF_IPTABLES = "y"; # do we still need these
IP_NF_IPTABLES = "y"; # if using nftables directly
# these are copied from rotuer and need review
# these are copied from rotuer and need review.
# we're not running a firewall, so why do we need
# nftables config?
IP_NF_NAT = "y";
IP_NF_TARGET_MASQUERADE = "y";
NETFILTER = "y";

17
examples/rotuer.nix
View File

@@ -156,22 +156,7 @@ in rec {
ruleset = import ./rotuer-firewall.nix;
};
services.packet_forwarding =
let
ip4 = "/proc/sys/net/ipv4/conf/all/forwarding";
ip6 = "/proc/sys/net/ipv6/conf/all/forwarding";
in oneshot {
name = "let-the-ip-flow";
up = ''
echo 1 > ${ip4}
echo 1 > ${ip6}
'';
down = ''
echo 0 > ${ip4};
echo 0 > ${ip6};
'';
dependencies = [ services.firewall ];
};
services.packet_forwarding = svc.network.forward.build { };
services.dhcp6 =
let