From 12b02bbaa30425a9d3a4231f7f5e0dd991e1b3f6 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale
Date: Sat, 18 Dec 2021 22:02:52 +0100
Subject: [PATCH] Changed firewall ports
---
 hosts/architect/firewall.nix | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/hosts/architect/firewall.nix b/hosts/architect/firewall.nix
index d51ee5d..072548c 100644
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@@ -13,9 +13,19 @@ let
 ];
 open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
 1194 # wireguard
- 3478 # turn
 51413 # transmission
 ];
+ open_tcp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
+ 22
+ 80
+ 443
+ 8848
+ 32400 # plex
+ ];
+ open_udp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
+ 53 # dns
+ ];
+
 in {
 networking = {
 # needed to use nftables
@@ -125,9 +135,8 @@ in {
 iifname ${wan-if} tcp dport {${open_tcp_ports}} accept
 iifname ${wan-if} udp dport {${open_udp_ports}} accept
- iifname ${vpn-if} tcp dport {${open_tcp_ports}} accept
- iifname ${vpn-if} udp dport {${open_udp_ports}} accept
- iifname ${vpn-if} udp dport 53 accept
+ iifname ${vpn-if} tcp dport {${open_tcp_ports_vpn}} accept
+ iifname ${vpn-if} udp dport {${open_udp_ports_vpn}} accept
 iifname ${vpn-if} icmp type echo-request accept
 jump filter_drop
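Review bot: In the new `open_tcp_ports_vpn` list, 22, 80, 443 and 8848 carry no service comment, although the other entries in these lists (`32400 # plex`, `53 # dns`, `51413 # transmission`) name their service. 8848 is not a well-known port, so someone auditing the rule set cannot tell what is being exposed to VPN peers; assuming the usual services, I would annotate the entries as `22 # ssh`, `80 # http`, `443 # https`, `8848 # <service name>`. The same hunk drops `3478 # turn` from the WAN UDP list, and `open_tcp_ports` is declared above the hunk, so it is worth confirming that no TURN entry is left there. The `let` block starts outside the hunk.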
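Review bot: The two new `iifname ${vpn-if}` rules in the second hunk replace the WAN lists with the `_vpn` lists, so any port VPN peers used to reach through `open_tcp_ports`/`open_udp_ports` that is not repeated in the new lists (1194 and 51413 on UDP, from what is visible) now falls through to `jump filter_drop`. If that narrowing is intended, a comment above the rules would record it, e.g. `# VPN peers get their own allow-list; WAN ports are not implied`. The rules also match on the interface alone, so every peer on `${vpn-if}` can reach port 22; if peers differ in trust, an `ip saddr` match on the management port would be tighter. The chain these rules belong to begins and ends outside the hunk.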