nftables: allow syncthing access over vpn
The GUI is also accessible over the VPN. However, this access will later be replaced by sync.shione.net, routed through nginx.
parent
ffbf97ac30
commit
190194593f
1 changed files with 23 additions and 15 deletions
|
@ -9,6 +9,8 @@ define dns_port = 53
|
|||
define srt_input_udp_port = 60001
|
||||
define srt_output_port = 60000
|
||||
define srb2kart_port = 5029
|
||||
define syncthing_port = 22000
|
||||
define syncthing_gui_port = 8384
|
||||
|
||||
table inet filter {
|
||||
chain input_ipv4 {
|
||||
|
@ -40,10 +42,16 @@ table inet filter {
|
|||
# ip saddr 10.8.0.0/32
|
||||
|
||||
# Allow VPN to use DNS.
|
||||
tcp dport { $dns_port } accept
|
||||
tcp dport {
|
||||
$dns_port
|
||||
$syncthing_port,
|
||||
$syncthing_gui_port,
|
||||
} accept
|
||||
|
||||
udp dport {
|
||||
$dns_port,
|
||||
$srt_input_udp_port,
|
||||
$syncthing_port,
|
||||
} accept
|
||||
}
|
||||
|
||||
|
|
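Review bot: In the new multi-line `tcp dport { … } accept` set, `$dns_port` appears without a trailing comma while the two elements after it have one, so as rendered the ruleset would not parse. It should read `$dns_port,` like the first element of the `udp dport` set below it, and running `nft -c -f` on the file before reloading would catch this. The comment above the rule still says `# Allow VPN to use DNS.` although the rule now also accepts the Syncthing sync and GUI ports; something like `# Allow VPN clients to reach DNS, Syncthing and the Syncthing GUI.` would match what it does. No source-address or interface match is visible in this hunk (the `ip saddr` line is commented out), so whether port 8384 is really limited to VPN peers depends on how this chain is reached, which lies outside the hunk. That is worth confirming, since the GUI is an administrative interface.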