enable ipv6 and disable vlan cross talk to management

This commit is contained in:
RingOfStorms (Joshua Bell) 2025-08-06 12:31:19 -05:00
parent 285c53540a
commit eef385fbb7


@ -1,6 +1,5 @@
{
config,
pkgs,
lib,
...
}:
@ -26,22 +25,19 @@
vlan10 = {
id = 10;
interface = "bond0";
# interface = "enp1s0";
};
vlan20 = {
id = 20;
interface = "bond0";
# interface = "enp1s0";
};
vlan1 = {
id = 1;
interface = "bond0";
# interface = "enp1s0";
};
};
# enable ipv6 or not
enableIPv6 = false;
enableIPv6 = true;
# Interface configuration
interfaces = {
@ -96,6 +92,16 @@
"vlan1" # Allow all on management
];
# Block vlan to vlan communication
filterForward = true;
extraForwardRules = ''
ip saddr 10.12.14.0/24 ip daddr 192.168.0.0/24 drop
'';
# extraCommands = ''
# # Block LAN (vlan20) from accessing Management (vlan1)
# nft add rule inet nixos-fw forward ip saddr 10.12.14.0/24 ip daddr 192.168.0.0/24 drop
# '';
interfaces = {
# WAN interface - allow nothing inbound by default
vlan10 = {
@ -164,8 +170,8 @@
# DHCP range and settings
dhcp-range = [
"10.12.14.100,10.12.14.200,24h" # LAN devices
"192.168.0.10,192.168.0.50,24h" # Management devices
"10.12.14.100,10.12.14.200,1h" # LAN devices
"192.168.0.10,192.168.0.50,1h" # Management devices
]
++ lib.optionals config.networking.enableIPv6 [
# IPv6 DHCP range
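Review bot: The drop in `extraForwardRules` (`ip saddr 10.12.14.0/24 ip daddr 192.168.0.0/24 drop`) matches IPv4 only, yet the same commit sets `enableIPv6 = true`, so any IPv6 traffic forwarded from vlan20 to vlan1 bypasses the management isolation this commit is meant to add. A parallel `ip6 saddr <LAN_V6_PREFIX> ip6 daddr <MGMT_V6_PREFIX> drop` line belongs next to it (the prefixes are not visible on this page), or, until those prefixes exist, a comment `# IPv4 only: IPv6 between vlan20 and vlan1 is not yet blocked` above the rule. `filterForward` is documented as working only with the nftables-based firewall, so `networking.nftables.enable = true` has to be set elsewhere in the config, which is not visible here. The commented-out `extraCommands` block directly below the rule now duplicates the live rule as dead archaeology and can go, or carry a one-line note on why `extraForwardRules` replaced it. The `interfaces = {` set opened at the end of that hunk continues outside it.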