From 3fd6838367e08f56440300f5a8f2646215df6287 Mon Sep 17 00:00:00 2001
From: CDaut
Date: Thu, 13 Nov 2025 18:29:45 +0100
Subject: [PATCH] fixed wireguard (don't know how)
---
 configs/services/wg_server.nix | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/configs/services/wg_server.nix b/configs/services/wg_server.nix
index fbe775a..e741bd4 100644
--- a/configs/services/wg_server.nix
+++ b/configs/services/wg_server.nix
@@ -34,7 +34,6 @@ in {
 };
 # Open ports in the firewall
 firewall = {
- rejectPackets = true;
 allowedTCPPorts = [ 53 ];
 allowedUDPPorts = [ 53 wg_port ];
 };
@@ -53,21 +52,16 @@ in {
 # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
 postUp = ''
- ${pkgs.iptables}/bin/iptables -t nat -I POSTROUTING 1 -s 10.8.0.1/16 -o eth0 -j MASQUERADE
- ${pkgs.iptables}/bin/iptables -I FORWARD -i wg0 -j ACCEPT
- ${pkgs.iptables}/bin/iptables -I INPUT 1 -i wg0 -j ACCEPT
- ${pkgs.iptables}/bin/iptables -I FORWARD 1 -i eth0 -o wg0 -j ACCEPT
- ${pkgs.iptables}/bin/iptables -I FORWARD 1 -i wg0 -o eth0 -j ACCEPT
- ${pkgs.iptables}/bin/iptables -I INPUT 1 -i eth0 -p udp --dport ${toString wg_port} -j ACCEPT
+ ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.8.0.1/16 -o eth0 -j MASQUERADE
+ ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
 '';
 # Undo the above
 preDown = ''
+ ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
 ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.8.0.1/16 -o eth0 -j MASQUERADE
- ${pkgs.iptables}/bin/iptables -D INPUT -i wg0 -j ACCEPT
- ${pkgs.iptables}/bin/iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
- ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
- ${pkgs.iptables}/bin/iptables -D INPUT -i eth0 -p udp --dport ${toString wg_port} -j ACCEPT
+ ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
 '';
 peers = [
 {
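Review bot: The new `postUp` rules accept forwarding only in the wg0-to-anywhere direction and are appended with `-A`, so both the replies from eth0 back to the peers and the accept itself depend on the FORWARD chain's policy and earlier rules, which are not visible in this hunk. If the chain defaults to ACCEPT these rules change nothing and forwarding is not limited to the tunnel; if it drops, return traffic has no rule now that `-I FORWARD 1 -i eth0 -o wg0 -j ACCEPT` is gone. I would scope the accept to `-i wg0 -o eth0` and add `${pkgs.iptables}/bin/iptables -A FORWARD -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, with matching `-D` lines in `preDown`. The same applies to the new `ip6tables` rule, which forwards all IPv6 from peers with no restriction on the output interface. The interface definition starts and ends outside the hunk.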