rope/nixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

router: allow docker0 forward and expose 7dtd-coop ports

Browse source 
Container outbound (image pulls, LinuxGSM bootstrap fetches) was
dropped by the inet filter forward chain — only eth0 and DNAT'd
WAN traffic were whitelisted. Add iifname "docker0" accept so
containers can reach the internet.

Also add the coop server's 26910/26911-26912 forwards to ports.toml
so WAN players can connect.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
ediblerope 2026-04-25 15:35:26 +01:00
parent 4d84fe2df3
commit 568b815d8d
2 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
ports.toml
View file

@ -34,3 +34,13 @@ protocol = "both"
name = "7DTD voice/dynamic" name = "7DTD voice/dynamic"
ports = "26901-26902" ports = "26901-26902"
protocol = "udp" protocol = "udp"
[[forward]]
name = "7DTD-coop game"
port = 26910
protocol = "both"
[[forward]]
name = "7DTD-coop voice/dynamic"
ports = "26911-26912"
protocol = "udp"

2
services/router.nix
View file

@ -126,6 +126,8 @@ in
ct state invalid drop ct state invalid drop
# LAN → anywhere # LAN → anywhere
iifname "eth0" accept iifname "eth0" accept
# Docker containers → anywhere (needed for image pulls, LinuxGSM bootstrap, etc.)
iifname "docker0" accept
# WAN → LAN only if it was DNAT'd by a port-forward rule # WAN → LAN only if it was DNAT'd by a port-forward rule
iifname "eno1" oifname "eth0" ct status dnat accept iifname "eno1" oifname "eth0" ct status dnat accept
} }