{
  # Use the nftables backend for the NixOS firewall instead of iptables.
  networking.nftables.enable = true;

  networking.firewall = {
    enable = true;

    # TCP ports accepted on every interface that is NOT listed in
    # trustedInterfaces. The service names below are the conventional
    # assignments for these port numbers, not something this file proves;
    # confirm each against the services actually running on this host.
    allowedTCPPorts = [
      25    # conventionally SMTP
      80    # conventionally HTTP
      143   # conventionally IMAP
      179   # conventionally BGP
      389   # conventionally LDAP (cleartext) -- confirm it must be reachable beyond wg0
      443   # conventionally HTTPS
      465   # conventionally SMTPS
      587   # conventionally SMTP submission
      636   # conventionally LDAPS
      993   # conventionally IMAPS
      4130  # not a well-known service port -- document what listens here
      4190  # conventionally ManageSieve
      6900  # not a well-known service port -- document what listens here
      8000  # commonly a development/HTTP listener -- confirm it is meant to be public
    ];

    # UDP ports accepted on non-trusted interfaces. 80 and 636 have no common
    # UDP service (HTTP/3 uses 443, LDAPS is TCP-only) -- confirm they are
    # intended rather than carried over from the TCP list.
    allowedUDPPorts = [
      80
      636
      4367  # not a well-known service port -- document what listens here
      6900  # not a well-known service port -- document what listens here
      34197 # conventionally Factorio
    ];

    # Contiguous UDP range accepted on non-trusted interfaces.
    allowedUDPPortRanges = [
      { from = 42000; to = 52000; }
    ];

    # Traffic arriving on these interfaces bypasses the port filters above
    # entirely, so everything reachable via wg0 is exposed to its peers.
    trustedInterfaces = [ "wg0" ];

    # Extra nftables rules for the forward chain. Forwarding is allowed
    # freely between wg42_* interfaces and from tailscale0 into wg42_*;
    # the reverse direction (wg42_* -> tailscale0) is limited to TCP/22.
    # NOTE(review): the asymmetry presumably relies on connection tracking
    # for return traffic of tailscale0-initiated flows -- confirm the
    # generated forward chain accepts established/related state first.
    extraForwardRules = ''
      meta iifname "wg42_*" meta oifname "wg42_*" accept
      meta iifname tailscale0 meta oifname "wg42_*" accept
      meta iifname "wg42_*" meta oifname tailscale0 tcp dport 22 accept
    '';
  };
}