From c71113f92994c4174bfdb191e8a5123e1fa60e40 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Fri, 31 May 2024 00:22:01 +0200
Subject: nanopi: simplify firewall
---
 system/nanopi.nix | 40 +++-------------------------------------
 1 file changed, 3 insertions(+), 37 deletions(-)
(limited to 'system')
diff --git a/system/nanopi.nix b/system/nanopi.nix
index 6116c62f..cc8ba062 100755
--- a/system/nanopi.nix
+++ b/system/nanopi.nix
@@ -100,44 +100,10 @@ in
 logRefusedConnections = false;
 pingLimit = "5/second";
 filterForward = true; # we are a router
- allowedUDPPorts = [
- 53
- 123
- ];
- allowedTCPPorts = [
- 53
- 123
- 80
- 443
+ trustedInterfaces = [
+ "bridge0"
+ "tailscale0"
 ];
- interfaces.bridge0 = {
- allowedTCPPorts = [
- 53
- 67
- 139
- 445
- 1883
- 3000
- 3689
- 5357
- 5533 # SmartDNS
- 8096
- 9091 # Transmission
- ];
- allowedUDPPorts = [
- 53
- 67
- 69
- 137
- 4011 # PXE
- 5533 # SmartDNS
- 5353
- 5355 # LLMNR
- 3702 # Samba WSDD
- 41641
- 51827
- ];
- };
 interfaces.wan0 = {
 allowedTCPPorts = [
 6980 # aria2c
-- 
cgit 1.4.1
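Review bot: `trustedInterfaces = [ "bridge0" "tailscale0" ]` makes the firewall accept every inbound port on those two interfaces, so the per-port allowlist that `interfaces.bridge0` used to enforce is gone. Any service that later listens on a wildcard address then becomes reachable from every LAN host and every tailnet peer without a firewall change. If the LAN or tailnet holds devices that should not reach admin services on the router (the old list included 9091 for Transmission), consider keeping `tailscale0` on an explicit `interfaces.tailscale0.allowedTCPPorts` list, or at least record the decision with a comment such as `# trusted: all input accepted; access control is Tailscale ACLs + service bind addresses`. The removed top-level `allowedTCPPorts`/`allowedUDPPorts` applied to all interfaces, so 53, 123, 80 and 443 are presumably no longer open on `wan0` either; that is tighter, but worth confirming nothing on the WAN side relied on 80/443. The `interfaces.wan0` block continues past the end of the hunk, so its full port list is not visible here.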