authorAlan Pearce2024-05-31 00:22:01 +0200
committerAlan Pearce2024-05-31 00:22:01 +0200
commitc71113f92994c4174bfdb191e8a5123e1fa60e40 (patch)
treea2c57b7f5e8f21ddb2ecec055898779d2e42b6dc
parentd46863c777bae46d93e46d96be5e72881f4dd400 (diff)
nanopi: simplify firewall
-rwxr-xr-xsystem/nanopi.nix40
1 files changed, 3 insertions, 37 deletions
diff --git a/system/nanopi.nix b/system/nanopi.nix
index 6116c62f..cc8ba062 100755
--- a/system/nanopi.nix
+++ b/system/nanopi.nix
@@ -100,44 +100,10 @@ in
       logRefusedConnections = false;
       pingLimit = "5/second";
       filterForward = true; # we are a router
-      allowedUDPPorts = [
-        53
-        123
-      ];
-      allowedTCPPorts = [
-        53
-        123
-        80
-        443
+      trustedInterfaces = [
+        "bridge0"
+        "tailscale0"
       ];
-      interfaces.bridge0 = {
-        allowedTCPPorts = [
-          53
-          67
-          139
-          445
-          1883
-          3000
-          3689
-          5357
-          5533 # SmartDNS
-          8096
-          9091 # Transmission
-        ];
-        allowedUDPPorts = [
-          53
-          67
-          69
-          137
-          4011 # PXE
-          5533 # SmartDNS
-          5353
-          5355 # LLMNR
-          3702 # Samba WSDD
-          41641
-          51827
-        ];
-      };
       interfaces.wan0 = {
         allowedTCPPorts = [
           6980 # aria2c
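Review bot: `trustedInterfaces = [ "bridge0" "tailscale0" ]` makes the firewall accept everything arriving on those two interfaces, so every service listening on the router is now reachable from any LAN host and any tailnet peer, rather than only the ports the removed `interfaces.bridge0` lists enumerated. For `tailscale0` that leaves the tailnet ACLs as the only filter on traffic to this host; if not every peer should reach every service, keep it out of the trusted list and give it explicit `interfaces.tailscale0.allowedTCPPorts` / `allowedUDPPorts` lists instead. If the full trust is intended, record it next to the list, e.g. `# fully trusted: all listening ports reachable from LAN and tailnet; tailnet access is limited by ACLs only`. The removed global ports (53, 123, 80, 443) are also no longer opened on `wan0` unless its list, which continues past this hunk, includes them; that looks like a tightening but is worth confirming as intended. The enclosing firewall attribute set starts and ends outside the hunk.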