pyrox.dev
lol
firewall: fix rpfilter blocking dhcp offers when no ip was bound yet
+3
+3
nixos/modules/services/networking/firewall.nix
+3
nixos/modules/services/networking/firewall.nix
···
125
125
ip46tables -t raw -N nixos-fw-rpfilter 2> /dev/null || true
126
126
ip46tables -t raw -A nixos-fw-rpfilter -m rpfilter ${optionalString (cfg.checkReversePath == "loose") "--loose"} -j RETURN
127
127
128
+
# Allows this host to act as a DHCP4 client without first having to use APIPA
129
+
iptables -t raw -A nixos-fw-rpfilter -p udp --sport 67 --dport 68 -j RETURN
130
+
128
131
# Allows this host to act as a DHCPv4 server
129
132
iptables -t raw -A nixos-fw-rpfilter -s 0.0.0.0 -d 255.255.255.255 -p udp --sport 68 --dport 67 -j RETURN
130
133