summaryrefslogtreecommitdiff
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/myconf/cfgl_meta2
-rw-r--r--etc/nftables.conf5
2 files changed, 5 insertions, 2 deletions
diff --git a/etc/myconf/cfgl_meta b/etc/myconf/cfgl_meta
index 6aa1dcf2..13e8317b 100644
--- a/etc/myconf/cfgl_meta
+++ b/etc/myconf/cfgl_meta
@@ -32,7 +32,7 @@
755 root root //etc/systemd/system/multi-user.target.wants
777 root root //etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service
755 root root //etc/systemd/system/paccache.service.d
-600 root root //etc/systemd/system/paccache.service.d/10-remove-all.conf
+644 root root //etc/systemd/system/paccache.service.d/10-remove-all.conf
755 root root //home
700 xyz wheel //home/xyz
644 xyz wheel //home/xyz/.bashrc
diff --git a/etc/nftables.conf b/etc/nftables.conf
index be70bebb..5845c4c9 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -9,6 +9,7 @@
flush ruleset
define pub_iface = "ens18"
+define pub_iface6 = "ipv6net"
define wg_iface = "wg0"
table inet my_table {
@@ -62,7 +63,9 @@ table inet nat {
policy accept
# Needed for VPN. Needed for port forwarding from cilent with VPN through server
# https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet/#default-route
- oifname $pub_iface masquerade
+ # xyzba uses 6in4 sit tunnel for ipv6. To use ipv6 when wg to xyzba, that network interface name ipv6net ($pub_iface6) also needs to be masqueraded
+ # https://wiki.archlinux.org/title/IPv6_tunnel_broker_setup
+ oifname { $pub_iface, $pub_iface6 } masquerade
# needed for port forwarding from client without VPN through server
# https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet/#masquerading
#oifname $wg_iface masquerade