# NixOS module fragment for the WAN (FTTH) uplink: NetworkManager exclusion plus
# nftables filter and NAT rules. Only some lines of the file are visible here
# (the number at the start of each line skips), so chain headers and most chain
# bodies are not shown.
1 { pkgs, lib, config, ... }:
# Brings the attributes of ./names-and-numbers.nix into scope; ftthIface,
# wifiIface and eth1Iface..eth3Iface are presumably defined there (confirm).
2 with (import ./names-and-numbers.nix);
# Per-interface configuration; its body is not visible in this listing.
4 networking.interfaces = {
# Tell NetworkManager to leave the WAN interface unmanaged.
9 networking.networkmanager.unmanaged = [ ftthIface ];
# nftables rules for the WAN side. lib.mkAfter orders this text after other
# definitions of networking.nftables.ruleset; the interface names are spliced
# into the rule text by Nix string interpolation.
#
# Rules visible below:
#  - Packets arriving on the WAN interface jump to chain input-net; whatever
#    that chain does not decide is logged (level warn, prefix "input-net: "),
#    counted and dropped. Packets leaving on the WAN interface get the same
#    treatment via output-net.
#  - Forwarding between wifi/eth1-3 and the WAN uses goto, so evaluation does
#    not come back to the rule after the goto: forward-to-net and
#    forward-from-net decide that traffic.
#    NOTE(review): the bodies of those chains and the base-chain policy are
#    not visible here. Confirm that forward-from-net admits only
#    established/related traffic and that undecided packets end up dropped.
#  - masquerade rewrites the source address of traffic from wifi/eth1-3 that
#    leaves via the WAN interface; presumably inside a nat postrouting chain
#    (confirm).
#
# NOTE(review): the two log rules have no rate limit, so every unsolicited WAN
# packet produces a kernel log line. If that is a concern, use a separate
# rate-limited log rule ahead of an unconditional drop; a limit placed in the
# same rule as the drop would also exempt over-limit packets from the drop.
10 networking.nftables.ruleset = lib.mkAfter ''
13 iifname ${ftthIface} jump input-net
14 iifname ${ftthIface} log level warn prefix "input-net: " counter drop
17 oifname ${ftthIface} jump output-net
18 oifname ${ftthIface} log level warn prefix "output-net: " counter drop
20 chain forward-to-net {
22 chain forward-from-net {
25 iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${ftthIface} goto forward-to-net
26 iifname ${ftthIface} oifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-from-net
31 iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${ftthIface} masquerade