This commit is contained in:
parent
1189a41df9
commit
a4189eeb15
@ -32,6 +32,14 @@
|
||||
nat.enable = lib.mkForce false;
|
||||
|
||||
useDHCP = false;
|
||||
|
||||
vlans = {
|
||||
cameras = {
|
||||
id = 3;
|
||||
interface = "eth1";
|
||||
};
|
||||
};
|
||||
|
||||
interfaces = {
|
||||
enp1s0 = {
|
||||
name = "eth0";
|
||||
@ -47,6 +55,14 @@
|
||||
}
|
||||
];
|
||||
};
|
||||
cameras /* cameras@eth1 */ = {
|
||||
ipv4.addresses = [
|
||||
{
|
||||
address = "10.133.145.1";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
};
|
||||
enp3s0 = {
|
||||
name = "eth2";
|
||||
ipv4.addresses = [
|
||||
@ -67,6 +83,9 @@
|
||||
table inet filter {
|
||||
chain output {
|
||||
type filter hook output priority 100; policy accept;
|
||||
|
||||
iifname "cameras" ct state established,related counter accept comment "Allow established connections to cameras"
|
||||
iifname "cameras" counter drop
|
||||
}
|
||||
|
||||
chain input {
|
||||
@ -82,8 +101,8 @@
|
||||
|
||||
ip protocol icmp counter accept comment "accept all ICMP types"
|
||||
|
||||
iifname "eth0" ct state { established, related } counter accept
|
||||
iifname "eth0" drop
|
||||
iifname { "eth0", "cameras" } ct state { established, related } counter accept
|
||||
iifname { "eth0", "cameras" } drop
|
||||
}
|
||||
|
||||
chain forward {
|
||||
@ -243,6 +262,29 @@
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
subnet = "10.133.145.0/24";
|
||||
interface = "cameras";
|
||||
pools = [{
|
||||
pool = "10.133.145.64 - 10.133.145.254";
|
||||
}];
|
||||
option-data = [
|
||||
{
|
||||
name = "routers";
|
||||
data = "10.133.145.1";
|
||||
}
|
||||
{
|
||||
name = "broadcast-address";
|
||||
data = "10.133.145.255";
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "1.1.1.1, 8.8.8.8";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user