services: adblock: restrict to wireguard interface

This commit is contained in:
Bruno BELANYI 2021-04-22 17:40:27 +00:00
parent a551ace6a6
commit 3696471201

View file

@ -36,9 +36,11 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# Needed when connecting from Wireguard clients # Allow wireguard clients to connect to it
networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.interfaces."${wgCfg.iface}" = {
networking.firewall.allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
services.unbound = { services.unbound = {
enable = true; enable = true;