author | Alan Pearce | 2024-05-31 00:22:01 +0200 |
---|---|---|
committer | Alan Pearce | 2024-05-31 00:22:01 +0200 |
commit | c71113f92994c4174bfdb191e8a5123e1fa60e40 (patch) | |
tree | a2c57b7f5e8f21ddb2ecec055898779d2e42b6dc | |
parent | d46863c777bae46d93e46d96be5e72881f4dd400 (diff) | |
nanopi: simplify firewall
-rwxr-xr-x | system/nanopi.nix | 40 |
1 files changed, 3 insertions, 37 deletions
diff --git a/system/nanopi.nix b/system/nanopi.nix
index 6116c62f..cc8ba062 100755
--- a/system/nanopi.nix
+++ b/system/nanopi.nix
@@ -100,44 +100,10 @@ in
 logRefusedConnections = false;
 pingLimit = "5/second";
 filterForward = true; # we are a router
- allowedUDPPorts = [
- 53
- 123
- ];
- allowedTCPPorts = [
- 53
- 123
- 80
- 443
+ trustedInterfaces = [
+ "bridge0"
+ "tailscale0"
 ];
- interfaces.bridge0 = {
- allowedTCPPorts = [
- 53
- 67
- 139
- 445
- 1883
- 3000
- 3689
- 5357
- 5533 # SmartDNS
- 8096
- 9091 # Transmission
- ];
- allowedUDPPorts = [
- 53
- 67
- 69
- 137
- 4011 # PXE
- 5533 # SmartDNS
- 5353
- 5355 # LLMNR
- 3702 # Samba WSDD
- 41641
- 51827
- ];
- };
 interfaces.wan0 = {
 allowedTCPPorts = [
 6980 # aria2c |
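Review bot: `trustedInterfaces` accepts all inbound traffic from `bridge0` and `tailscale0`, so every service listening on this router (including any added later and any bound to all addresses) is now reachable from every LAN device and tailnet peer, where the removed `interfaces.bridge0` lists limited that to named ports. If the tailnet includes devices less trusted than the LAN, consider `trustedInterfaces = [ "bridge0" ];` with a port-scoped `interfaces.tailscale0` entry instead. Either way, a comment such as `# trusted: all ports open to LAN and tailnet; exposure is controlled by service bind addresses and Tailscale ACLs` would record the decision. The hunk also drops the global 53/123/80/443 allowances, which presumably closes those ports on `wan0`; worth confirming that is intended. The enclosing firewall attribute set starts and ends outside the hunk.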