peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Changed firewall ports

Browse Source
This commit is contained in:
Giulio De Pasquale 2021-12-18 22:02:52 +01:00
parent 19a48e7993
commit 12b02bbaa3
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
hosts/architect/firewall.nix
View File

@ -13,9 +13,19 @@ let
]; ];
open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [ open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
1194 # wireguard 1194 # wireguard
3478 # turn
51413 # transmission 51413 # transmission
]; ];
open_tcp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
22
80
443
8848
32400 # plex
];
open_udp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
53 # dns
];
in { in {
networking = { networking = {
# needed to use nftables # needed to use nftables
@ -125,9 +135,8 @@ in {
iifname ${wan-if} tcp dport {${open_tcp_ports}} accept iifname ${wan-if} tcp dport {${open_tcp_ports}} accept
iifname ${wan-if} udp dport {${open_udp_ports}} accept iifname ${wan-if} udp dport {${open_udp_ports}} accept
iifname ${vpn-if} tcp dport {${open_tcp_ports}} accept iifname ${vpn-if} tcp dport {${open_tcp_ports_vpn}} accept
iifname ${vpn-if} udp dport {${open_udp_ports}} accept iifname ${vpn-if} udp dport {${open_udp_ports_vpn}} accept
iifname ${vpn-if} udp dport 53 accept
iifname ${vpn-if} icmp type echo-request accept iifname ${vpn-if} icmp type echo-request accept
jump filter_drop jump filter_drop