Changed firewall ports

2021-12-18 22:02:52 +01:00 · 2021-12-18 22:02:52 +01:00 · 12b02bbaa3
commit 12b02bbaa3
parent 19a48e7993
1 changed files with 13 additions and 4 deletions
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@ -13,9 +13,19 @@ let
  ];
  open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
    1194 # wireguard
-    3478 # turn
    51413 # transmission
  ];
+  open_tcp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
+    22
+    80
+    443
+    8848
+    32400 # plex
+  ];
+  open_udp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
+    53 # dns
+  ];
+
 in {
  networking = {
    # needed to use nftables
@ -125,9 +135,8 @@ in {

                    iifname ${wan-if} tcp dport {${open_tcp_ports}} accept
                    iifname ${wan-if} udp dport {${open_udp_ports}} accept
-                    iifname ${vpn-if} tcp dport {${open_tcp_ports}} accept
-                    iifname ${vpn-if} udp dport {${open_udp_ports}} accept
-                    iifname ${vpn-if} udp dport 53 accept
+                    iifname ${vpn-if} tcp dport {${open_tcp_ports_vpn}} accept
+                    iifname ${vpn-if} udp dport {${open_udp_ports_vpn}} accept
                    iifname ${vpn-if} icmp type echo-request accept

                    jump filter_drop