nftables: allow syncthing access over vpn
The GUI is also accessible over the VPN. However, this access will later be replaced by sync.shione.net, routed through nginx.
parent
ffbf97ac30
commit
190194593f
1 changed files with 23 additions and 15 deletions
|
@ -9,6 +9,8 @@ define dns_port = 53
|
||||||
define srt_input_udp_port = 60001
|
define srt_input_udp_port = 60001
|
||||||
define srt_output_port = 60000
|
define srt_output_port = 60000
|
||||||
define srb2kart_port = 5029
|
define srb2kart_port = 5029
|
||||||
|
define syncthing_port = 22000
|
||||||
|
define syncthing_gui_port = 8384
|
||||||
|
|
||||||
table inet filter {
|
table inet filter {
|
||||||
chain input_ipv4 {
|
chain input_ipv4 {
|
||||||
|
@ -40,10 +42,16 @@ table inet filter {
|
||||||
# ip saddr 10.8.0.0/32
|
# ip saddr 10.8.0.0/32
|
||||||
|
|
||||||
# Allow VPN to use DNS.
|
# Allow VPN to use DNS.
|
||||||
tcp dport { $dns_port } accept
|
tcp dport {
|
||||||
|
$dns_port
|
||||||
|
$syncthing_port,
|
||||||
|
$syncthing_gui_port,
|
||||||
|
} accept
|
||||||
|
|
||||||
udp dport {
|
udp dport {
|
||||||
$dns_port,
|
$dns_port,
|
||||||
$srt_input_udp_port,
|
$srt_input_udp_port,
|
||||||
|
$syncthing_port,
|
||||||
} accept
|
} accept
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
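Review bot: In the rewritten `tcp dport` set of the second hunk, `$dns_port` is shown without a trailing comma while the two entries after it have one; nft separates set elements with commas, so as rendered the file would fail to parse and the ruleset would not load — write `$dns_port,`. Running `nft -c -f` on the file before committing would catch this. The comment `# Allow VPN to use DNS.` above the rule is now stale, since the same rule also admits Syncthing sync and GUI traffic; something like `# Allow VPN clients to reach DNS, Syncthing and the Syncthing GUI.` would match what it does. The only source restriction visible here is the commented-out `# ip saddr 10.8.0.0/32`, and the enclosing chain starts outside the hunk, so it is worth confirming that port 8384 is reachable only from the VPN range and keeping GUI authentication enabled while it is open.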