My Nix Configuration
{
  # Host firewall settings, grouped under one `networking` set rather than
  # written as dotted attribute paths.
  networking = {
    # Use the nftables backend for the NixOS firewall instead of iptables.
    nftables.enable = true;

    firewall = {
      enable = true;

      # Inbound TCP ports accepted on every (non-trusted) interface.
      # Well-known assignments are labelled; the unlabelled ports belong to
      # local services that cannot be identified from this file.
      allowedTCPPorts = [
        25    # SMTP
        80    # HTTP
        143   # IMAP
        179   # BGP (presumably for the DN42 peers listed below - confirm)
        389   # LDAP, cleartext; 636 below is the TLS variant
        443   # HTTPS
        465   # SMTP over TLS
        587   # SMTP submission
        636   # LDAPS
        993   # IMAPS
        4130
        4190  # ManageSieve
        6900
        8000
      ];

      # Inbound UDP, single ports and one contiguous range.
      allowedUDPPorts = [ 80 636 4367 6900 34197 ];
      allowedUDPPortRanges = [ { from = 480; to = 510; } ];

      # Traffic arriving on these interfaces bypasses the port filters above
      # entirely (NixOS accepts it unconditionally), so every entry here is
      # effectively "fully trusted". Note that the list is explicit while the
      # forward rules below use the glob "wg42_*": a newly added DN42 peer
      # interface gets forwarding automatically but is not trusted for inbound
      # traffic until it is appended here.
      trustedInterfaces = [
        "tailscale0"
        "wg0"
      ] ++ [
        # DN42 peer interfaces
        "wg42_bandura"
        "wg42_bluemedia"
        "wg42_catgirls"
        "wg42_chris"
        "wg42_iedon"
        "wg42_kioubit"
        "wg42_liki"
        "wg42_lutoma"
        "wg42_potato"
        "wg42_sunnet"
        "wg42_uffsalot"
        "wg42_usman"
      ];

      # Extra nftables forward-chain rules, in order:
      #   1. transit between any two DN42 peer interfaces;
      #   2. anything from the tailscale network towards DN42;
      #   3. from DN42 towards tailscale, TCP port 22 only.
      # Rule 3 exposes SSH on tailscale-reachable hosts to every DN42 peer;
      # review whether that reach is intended.
      extraForwardRules = ''
        meta iifname "wg42_*" meta oifname "wg42_*" accept
        meta iifname tailscale0 meta oifname "wg42_*" accept
        meta iifname "wg42_*" meta oifname tailscale0 tcp dport 22 accept
      '';
    };
  };
}