Adjust networking to allow Wireguard client to work properly

2025-04-01 17:19:26 -04:00 · 2025-04-01 17:19:26 -04:00 · a06273419c
commit a06273419c
parent 3f8c8df90a
1 changed files with 18 additions and 1 deletions
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@ -176,7 +176,24 @@

  # For xdebug...verify actual necessity
  # Have had to use this, but I think it can be disabled still - perhaps w/xdebug binding setting...don't know.
-  networking.firewall.allowedTCPPorts = [ 9003 ];
+  #networking.firewall.allowedTCPPorts = [ 9003 ];
+
+  networking.firewall = {
+    allowedTCPPorts = [ 9003 ];
+    allowedUDPPorts = [ 51820 ];
+    # if packets are still dropped, they will show up in dmesg
+    logReversePathDrops = true;
+    checkReversePath = "loose";
+    # wireguard trips rpfilter up
+    #extraCommands = ''
+    #  ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
+    #  ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
+    #'';
+    #extraStopCommands = ''
+    #  ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
+    #  ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
+    #'';
+  };
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;