all repos — nixfiles @ c71113f92994c4174bfdb191e8a5123e1fa60e40

System and user configuration, managed by nix and home-manager

nanopi: simplify firewall

Alan Pearce
commit

c71113f92994c4174bfdb191e8a5123e1fa60e40

parent

d46863c777bae46d93e46d96be5e72881f4dd400

1 file changed, 3 insertions(+), 37 deletions(-)

M system/nanopi.nixsystem/nanopi.nix
@@ -100,44 +100,10 @@ rejectPackets = true;
logRefusedConnections = false;
 pingLimit = "5/second";
 filterForward = true; # we are a router
- allowedUDPPorts = [
- 53
- 123
- ];
- allowedTCPPorts = [
- 53
- 123
- 80
- 443
+ trustedInterfaces = [
+ "bridge0"
+ "tailscale0"
 ];
- interfaces.bridge0 = {
- allowedTCPPorts = [
- 53
- 67
- 139
- 445
- 1883
- 3000
- 3689
- 5357
- 5533 # SmartDNS
- 8096
- 9091 # Transmission
- ];
- allowedUDPPorts = [
- 53
- 67
- 69
- 137
- 4011 # PXE
- 5533 # SmartDNS
- 5353
- 5355 # LLMNR
- 3702 # Samba WSDD
- 41641
- 51827
- ];
- };
 interfaces.wan0 = {
 allowedTCPPorts = [
 6980 # aria2c
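Review bot: The added `trustedInterfaces = [ "bridge0" "tailscale0" ];` accepts all inbound traffic on those interfaces, so every service on this router that binds to a wildcard address becomes reachable from any LAN host and any tailnet peer, not only the ports that were enumerated under `interfaces.bridge0`. No allowlist for `tailscale0` appears among the removed lines, so its exposure looks new unless it was already trusted elsewhere or Tailscale ACLs constrain it; neither is visible here. Dropping the global `allowedTCPPorts`/`allowedUDPPorts` does tighten `wan0`, which is worth stating in the commit message since the title only says "simplify". I would document the trade-off next to the setting, e.g. `# trusted: all ports open to LAN and tailnet; limit exposure via service bind addresses and Tailscale ACLs`, and, because `filterForward = true`, confirm how trusted interfaces are treated on the forward path. The enclosing firewall attribute set starts and ends outside the hunk.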