-
Notifications
You must be signed in to change notification settings - Fork 0
/
firewall.nix
53 lines (48 loc) · 1.34 KB
/
firewall.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# Firewall Configuration
#- <https://wiki.nixos.org/wiki/Firewall>
_: {
# The default firewall uses iptables
# To use the newer nftables instead it needs to be enabled
# Causes problem with Docker
# Docker uses iptables internally to setup NAT for containers
networking.nftables.enable = false;
# Check the rules: iptables -L -v -n
# nftables: nft list ruleset
networking.firewall = {
enable = true;
allowPing = false;
# Warning: Firewall rules may be overwritten by Docker
# <https://github.com/NixOS/nixpkgs/issues/111852>
interfaces = {
"enp42s0" = {
# Block all ports
allowedTCPPorts = [
# config.services.aria2.settings.rpc-listen-port
];
allowedUDPPorts = [
# config.services.aria2.settings.listen-port
];
# Syncthing ports
# 6433 is equired by k3s so that pod can reach the API server (running on port 6443 by default)
# allowedTCPPorts = [6443 8384 22000];
# allowedUDPPorts = [22000 21027];
/*
allowedTCPPortRanges = [
# GS-/KDE-Connect
{
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = [
# {GS/KDE}-Connect
{
from = 1714;
to = 1764;
}
];
*/
};
};
};
}