diff options
| author | Emīls <emils@mullvad.net> | 2025-01-20 16:46:06 +0100 |
|---|---|---|
| committer | Emīls <emils@mullvad.net> | 2025-03-26 16:06:08 +0100 |
| commit | db3dbf2a2d9ff6f26a1f5c7eb97a3ebab6e97685 (patch) | |
| tree | a2bbb9ad8d976993d39183ed3223d8877861ff2c | |
| parent | 90c7ece9315f3b27184cc9b6546a9a604d68d886 (diff) | |
| download | mullvadvpn-db3dbf2a2d9ff6f26a1f5c7eb97a3ebab6e97685.tar.xz mullvadvpn-db3dbf2a2d9ff6f26a1f5c7eb97a3ebab6e97685.zip | |
Allow returning traffic from staging interface
| -rw-r--r-- | ci/ios/test-router/nftables.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ci/ios/test-router/nftables.nix b/ci/ios/test-router/nftables.nix index 9222d3b298..41e78f1e45 100644 --- a/ci/ios/test-router/nftables.nix +++ b/ci/ios/test-router/nftables.nix @@ -77,7 +77,7 @@ in iifname "wan" udp dport {9090, 9091} counter accept iifname "wan" tcp dport {9090, 9091} counter accept - iifname "wan" ct state vmap { established : accept, related : accept, invalid : drop } + iifname { "wan", "staging" } ct state vmap { established : accept, related : accept, invalid : drop } iifname "wan" udp sport 67 udp dport 68 counter accept; iifname "wan" ip6 saddr fe80::/10 udp sport 547 ip6 daddr fe80::/10 udp dport 546 counter accept @@ -100,7 +100,7 @@ in # Allow trusted network WAN access iifname { - ${cfg.lanInterfaces} + lo, ${cfg.lanInterfaces} } oifname { "wan", "staging" } counter accept comment "Allow trusted LAN to WAN and staging interface" |