all repos — nixfiles @ 8d1dfe0927fa3815d87700df6087f159f002fe36

System and user configuration, managed by nix and home-manager

prefect: switch to nftables-based firewall

Alan Pearce
commit

8d1dfe0927fa3815d87700df6087f159f002fe36

parent

232505d511747ba32e4143ecf673634a5317db81

1 file changed, 11 insertions(+), 4 deletions(-)

M system/prefect.nixsystem/prefect.nix
@@ -123,10 +123,17 @@ enable = true;
openFirewall = false;
startWhenNeeded = true;
};
- networking.firewall.extraCommands = ''
- iptables -A nixos-fw -p udp --source 172.30.42.0/24 -j nixos-fw-accept
- iptables -A nixos-fw -p tcp --source 172.30.42.0/24 -j nixos-fw-accept
- '';
+
+ networking.nftables = {
+ enable = true;
+ };
+ networking.firewall = {
+ allowedTCPPorts = [ 80 443 139 445 1024 ];
+ extraInputRules = ''
+ ip saddr 172.30.42.0/24 accept
+ ip6 saddr { fd00::/8, fe80::/10 } accept
+ '';
+ };
hardware.firmware = with pkgs; [ linux-firmware # for iwlwifi
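Review bot: The added `ip6 saddr { fd00::/8, fe80::/10 } accept` line in `extraInputRules` trusts every link-local and ULA source on every interface, for all protocols and ports, which is broader than the two iptables rules it replaces (IPv4 subnet, TCP and UDP only). The trailing context loads firmware for iwlwifi, so this host may also join wireless networks where every neighbour has an fe80:: address. Binding both accept rules to the trusted interface, e.g. `iifname "<lan-interface>" ip saddr 172.30.42.0/24 accept`, would keep the old intent. `allowedTCPPorts = [ 80 443 139 445 1024 ]` also opens 139/445 (SMB) to any source, although the subnet rule already covers LAN clients and a service just above sets `openFirewall = false`; consider dropping 139 and 445 unless they are meant to be reachable beyond the LAN. The enclosing attribute set starts and ends outside this hunk, so firewall options set elsewhere in the file are not visible here.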