system/security: open firewall for local network

This commit is contained in:
LavaDesu 2023-09-04 12:28:19 +07:00
parent 87ffeb596a
commit 943f111cb6
Signed by: cilly
GPG key ID: 6500251E087653C9


@ -1,9 +1,19 @@
{ config, pkgs, ... }: { { config, pkgs, ... }: {
networking.firewall = { networking.firewall =
let
iptables = "${pkgs.iptables}/bin/iptables";
genCmds = type: ''
${iptables} -${type} nixos-fw -p tcp --source 192.168.0.0/16 -j nixos-fw-accept ${if type == "D" then " || true" else ""}
${iptables} -${type} nixos-fw -p udp --source 192.168.0.0/16 -j nixos-fw-accept ${if type == "D" then " || true" else ""}
'';
in {
enable = true; enable = true;
allowedUDPPortRanges = [ { from = 20000; to = 20100; } ]; allowedUDPPortRanges = [ { from = 20000; to = 20100; } ];
allowedTCPPortRanges = [ { from = 20000; to = 20100; } ]; allowedTCPPortRanges = [ { from = 20000; to = 20100; } ];
trustedInterfaces = [ "wg0" ]; trustedInterfaces = [ "wg0" ];
extraCommands = genCmds "I";
extraStopCommands = genCmds "D";
}; };
services.openssh = { services.openssh = {