From 8d1dfe0927fa3815d87700df6087f159f002fe36 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Sun, 23 Apr 2023 11:28:53 +0200
Subject: prefect: switch to nftables-based firewall

---
 system/prefect.nix | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/system/prefect.nix b/system/prefect.nix
index c4990e20..e5ebac22 100644
--- a/system/prefect.nix
+++ b/system/prefect.nix
@@ -123,10 +123,17 @@
     openFirewall = false;
     startWhenNeeded = true;
   };
-  networking.firewall.extraCommands = ''
-    iptables -A nixos-fw -p udp --source 172.30.42.0/24 -j nixos-fw-accept
-    iptables -A nixos-fw -p tcp --source 172.30.42.0/24 -j nixos-fw-accept
-  '';
+
+  networking.nftables = {
+    enable = true;
+  };
+  networking.firewall = {
+    allowedTCPPorts = [ 80 443 139 445 1024 ];
+    extraInputRules = ''
+      ip saddr 172.30.42.0/24 accept
+      ip6 saddr { fd00::/8, fe80::/10 } accept
+    '';
+  };
   hardware.firmware = with pkgs; [
     linux-firmware # for iwlwifi
--
cgit 1.4.1
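Review bot: `allowedTCPPorts = [ 80 443 139 445 1024 ];` opens the SMB ports 139/445 (and 1024) to every source on every interface, whereas the removed iptables rules only admitted traffic from 172.30.42.0/24 — if those services were previously reachable only through that LAN accept rule, this is an exposure change that the subject line (a backend switch) does not mention. Keeping them behind the source match would preserve the old exposure, e.g. `ip saddr 172.30.42.0/24 tcp dport { 139, 445, 1024 } accept` inside extraInputRules, leaving only 80 and 443 in allowedTCPPorts. The IPv6 rule is also broader than its IPv4 counterpart: fd00::/8 is the entire ULA range rather than this site's own prefix, and both saddr-only rules match spoofed sources arriving on any interface unless tied to the LAN interface with `iifname "<lan-interface>"`. A short comment on why 1024 is open would help the next reader, and note that the enclosing attrset begins and ends outside the hunk.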