nixos/netbird: openFirewall for remote DNS resolver

2025-06-26 11:55:00 +02:00 · 2025-06-26 11:55:00 +02:00 · 70e91e0956
commit 70e91e0956
parent fdc7bb0f4f
1 changed files with 11 additions and 0 deletions
--- a/nixos/modules/services/networking/netbird.nix
+++ b/nixos/modules/services/networking/netbird.nix
@ -12,6 +12,7 @@ let
    escapeShellArgs
    filterAttrs
    getExe
+    listToAttrs
    literalExpression
    maintainers
    makeBinPath
@ -471,6 +472,16 @@ in
        toClientList (client: optional client.openFirewall client.port)
      );

+      # Ports opened on a specific
+      networking.firewall.interfaces = listToAttrs (
+        toClientList (client: {
+          name = client.interface;
+          value.allowedUDPPorts = optionals client.openFirewall [
+            5353 # required for the DNS forwarding/routing to work
+          ];
+        })
+      );
+
      systemd.network.networks = mkIf config.networking.useNetworkd (
        toClientAttrs (
          client: