make mdns iptables rules work

2023-07-11 16:30:35 +02:00 · 2023-07-11 16:30:35 +02:00 · a63abe676e
commit a63abe676e
parent 34bb2fd13f
2 changed files with 11 additions and 14 deletions
--- a/modules/zerotier/default.nix
+++ b/modules/zerotier/default.nix
@ -1,14 +1,11 @@
 { lib, ... }:
 {
-  networking.firewall.allowedTCPPorts = [
-    9993 
-    # FIXME: figure out why it's not enough to just allow it on interface zt*
-    5353
-  ];
-  networking.firewall.allowedUDPPorts = [
-    9993
-    5353
-  ];
+  networking.firewall.allowedTCPPorts = [ 9993 ];
+  networking.firewall.allowedUDPPorts = [ 9993 ];
+  networking.firewall.interfaces."zt+".allowedTCPPorts = [ 5353 ];
+  networking.firewall.interfaces."zt+".allowedUDPPorts = [ 5353 ];
+
+  # Note avahi was super slow. systemd-resolved worked much faster for mdns
  systemd.network.networks = {
    zerotier.extraConfig = ''
      [Match]
--- a/targets/web01/terraform.tfstate
+++ b/targets/web01/terraform.tfstate