
System and user configuration, managed by nix and home-manager

nanopi: simplify firewall
Alan Pearce alan@alanpearce.eu
Fri, 31 May 2024 00:22:01 +0200
commit

c71113f92994c4174bfdb191e8a5123e1fa60e40

parent

d46863c777bae46d93e46d96be5e72881f4dd400

1 files changed, 3 insertions(+), 37 deletions(-)

M system/nanopi.nixsystem/nanopi.nix
@@ -100,44 +100,10 @@ rejectPackets = true;
       logRefusedConnections = false;
       pingLimit = "5/second";
       filterForward = true; # we are a router
-      allowedUDPPorts = [
-        53
-        123
-      ];
-      allowedTCPPorts = [
-        53
-        123
-        80
-        443
+      trustedInterfaces = [
+        "bridge0"
+        "tailscale0"
       ];
-      interfaces.bridge0 = {
-        allowedTCPPorts = [
-          53
-          67
-          139
-          445
-          1883
-          3000
-          3689
-          5357
-          5533 # SmartDNS
-          8096
-          9091 # Transmission
-        ];
-        allowedUDPPorts = [
-          53
-          67
-          69
-          137
-          4011 # PXE
-          5533 # SmartDNS
-          5353
-          5355 # LLMNR
-          3702 # Samba WSDD
-          41641
-          51827
-        ];
-      };
       interfaces.wan0 = {
         allowedTCPPorts = [
           6980 # aria2c
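Review bot: The new `trustedInterfaces = [ "bridge0" "tailscale0" ]` (after `filterForward = true;`) accepts all inbound traffic on those interfaces unconditionally, so the per-port bridge0 allowlist this hunk removes is replaced by "every port anything listens on, now or later" rather than an equivalent set — any service bound to 0.0.0.0 on the router becomes reachable from the LAN and the tailnet without being listed here. That is a reasonable home-network trade-off, but it should be stated next to the option so a future reader does not assume the list was merely folded in: `# trusted: ALL ports reachable from LAN/tailnet (was an explicit allowlist); new services are exposed here automatically`. Dropping the interface-wide 53/123/80/443 entries correspondingly tightens wan0 and any other non-trusted interface, which reads as intended. With `filterForward = true` I believe the NixOS firewall also accepts forwarded traffic arriving on trusted interfaces unconditionally — worth confirming against the module if bridge0-to-wan0 forwarding was meant to stay filtered. The `interfaces.wan0` attribute set and the enclosing firewall block continue past the end of the hunk.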