Use the NixOS firewall instead to block unwanted PIA VPN traffic

2023-03-12 20:49:39 -06:00
parent 478235fe32
commit 83e9280bb4
2 changed files with 7 additions and 3 deletions


@@ -213,8 +213,8 @@ in {
echo $payload >> /tmp/${cfg.interfaceName}-port-renewal
# Block all traffic from VPN interface except for traffic that is from the forwarded port
iptables -I INPUT -i ${cfg.interfaceName} -j DROP
iptables -I INPUT -i ${cfg.interfaceName} -p tcp --dport $port -j ACCEPT
iptables -I nixos-fw -p tcp --dport $port -j nixos-fw-accept -i ${cfg.interfaceName}
iptables -I nixos-fw -p udp --dport $port -j nixos-fw-accept -i ${cfg.interfaceName}
# The first port refresh triggers the port to be actually allocated
${refreshPIAPort}
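Review bot: The two `iptables -I nixos-fw … -j nixos-fw-accept` lines only open `$port` on `${cfg.interfaceName}`, and nothing in this hunk drops the interface's other traffic any more, so the comment above them ("Block all traffic from VPN interface except …") holds only while `networking.firewall.enable` is on and no port is opened globally through `networking.firewall.allowedTCPPorts` / `allowedUDPPorts`, which apply to every interface including the VPN one. The +/- markers are lost on this page, so I am reading the `INPUT` rules as removed and the `nixos-fw` rules as added, going by the commit title. Rules inserted into `nixos-fw` at runtime will most likely disappear when the firewall service reloads and rebuilds that chain, and `iptables -I nixos-fw` fails if the chain does not exist, so I would add a module assertion on `config.networking.firewall.enable` and reword the comment to `# Accept only the forwarded port on the VPN interface; all other VPN traffic is left to the NixOS firewall's default refuse policy`. `$port` should also be quoted as `"$port"` in both rules. The surrounding script starts and ends outside the hunk.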