prefect: switch to nftables-based firewall
Alan Pearce alan@alanpearce.eu
Sun, 23 Apr 2023 11:28:53 +0200
1 files changed, 11 insertions(+), 4 deletions(-)
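--- a/system/prefect.nix
+++ b/system/prefect.nix
@@ -123,10 +123,17 @@
 enable = true;
 openFirewall = false;
 startWhenNeeded = true;
 };
-networking.firewall.extraCommands = ''
-iptables -A nixos-fw -p udp --source 172.30.42.0/24 -j nixos-fw-accept
-iptables -A nixos-fw -p tcp --source 172.30.42.0/24 -j nixos-fw-accept
-'';
+
+networking.nftables = {
+enable = true;
+};
+networking.firewall = {
+allowedTCPPorts = [ 80 443 139 445 1024 ];
+extraInputRules = ''
+ip saddr 172.30.42.0/24 accept
+ip6 saddr { fd00::/8, fe80::/10 } accept
+'';
+};
 hardware.firmware = with pkgs; [
 linux-firmware # for iwlwifi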
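Review bot: `allowedTCPPorts = [ 80 443 139 445 1024 ];` opens 139, 445 and 1024 on every interface to any source, while the LAN-only intent of this block is carried by the `ip saddr 172.30.42.0/24 accept` line right below it; if those three ports are meant for the 172.30.42.0/24 hosts only (the nearby `openFirewall = false;` suggests they were not previously reachable from outside, but that is inferred), scope them in `extraInputRules` as `ip saddr 172.30.42.0/24 tcp dport { 139, 445, 1024 } accept` and keep only 80 and 443 in `allowedTCPPorts`. Two further widenings relative to the removed iptables lines are worth stating explicitly: the new `ip saddr` rule accepts every protocol from that subnet rather than only tcp and udp, and `ip6 saddr { fd00::/8, fe80::/10 } accept` admits all ULA and link-local sources where no IPv6 rule existed before, so a comment such as `# whole LAN (v4 + v6 ULA/link-local) is trusted; only 80/443 are public` would record the intent. The enclosing attribute set starts and ends outside the hunk.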