Use the NixOS firewall instead to block unwanted PIA VPN traffic

2023-03-12 20:49:39 -06:00
parent 478235fe32
commit 83e9280bb4
2 changed files with 7 additions and 3 deletions
--- a/common/network/vpn.nix
+++ b/common/network/vpn.nix
@@ -75,7 +75,11 @@ in
        # speeds up evaluation
        nixpkgs.pkgs = pkgs;

-        networking.firewall.enable = mkForce false;
+        # networking.firewall.enable = mkForce false;
+        networking.firewall.trustedInterfaces = [
+          # completely trust internal interface to host
+          "eth0"
+        ];

        pia.openvpn.enable = cfg.useOpenVPN;
        pia.openvpn.server = "swiss.privacy.network"; # swiss vpn