enable ipv6 and disable vlan cross talk to management

This commit is contained in:
RingOfStorms (Joshua Bell) 2025-08-06 12:31:19 -05:00
parent 285c53540a
commit eef385fbb7


@ -1,6 +1,5 @@
{ {
config, config,
pkgs,
lib, lib,
... ...
}: }:
@ -26,22 +25,19 @@
vlan10 = { vlan10 = {
id = 10; id = 10;
interface = "bond0"; interface = "bond0";
# interface = "enp1s0";
}; };
vlan20 = { vlan20 = {
id = 20; id = 20;
interface = "bond0"; interface = "bond0";
# interface = "enp1s0";
}; };
vlan1 = { vlan1 = {
id = 1; id = 1;
interface = "bond0"; interface = "bond0";
# interface = "enp1s0";
}; };
}; };
# enable ipv6 or not # enable ipv6 or not
enableIPv6 = false; enableIPv6 = true;
# Interface configuration # Interface configuration
interfaces = { interfaces = {
@ -96,6 +92,16 @@
"vlan1" # Allow all on management "vlan1" # Allow all on management
]; ];
# Block vlan to vlan communication
filterForward = true;
extraForwardRules = ''
ip saddr 10.12.14.0/24 ip daddr 192.168.0.0/24 drop
'';
# extraCommands = ''
# # Block LAN (vlan20) from accessing Management (vlan1)
# nft add rule inet nixos-fw forward ip saddr 10.12.14.0/24 ip daddr 192.168.0.0/24 drop
# '';
interfaces = { interfaces = {
# WAN interface - allow nothing inbound by default # WAN interface - allow nothing inbound by default
vlan10 = { vlan10 = {
@ -164,8 +170,8 @@
# DHCP range and settings # DHCP range and settings
dhcp-range = [ dhcp-range = [
"10.12.14.100,10.12.14.200,24h" # LAN devices "10.12.14.100,10.12.14.200,1h" # LAN devices
"192.168.0.10,192.168.0.50,24h" # Management devices "192.168.0.10,192.168.0.50,1h" # Management devices
] ]
++ lib.optionals config.networking.enableIPv6 [ ++ lib.optionals config.networking.enableIPv6 [
# IPv6 DHCP range # IPv6 DHCP range