{
  networking = {
    # Back the NixOS firewall with nftables rather than iptables; the
    # extraForwardRules below are therefore written in nft syntax.
    nftables.enable = true;

    firewall = {
      enable = true;

      # Ports listed in allowedTCPPorts / allowedUDPPorts are opened on every
      # interface that is NOT in trustedInterfaces, i.e. on the public uplink
      # as well. Service labels are the IANA defaults for each port number;
      # confirm them against the services actually running on this host.
      allowedTCPPorts = [
        80     # HTTP
        143    # IMAP (cleartext; presumably STARTTLS — confirm)
        179    # BGP — presumably DN42 peering. The wg42_* interfaces are
               # already fully trusted below, so this entry additionally
               # exposes the BGP daemon on the untrusted interfaces; verify
               # that a public-facing session is intended.
        389    # LDAP (cleartext; presumably STARTTLS — confirm)
        443    # HTTPS
        465    # SMTP submission over implicit TLS
        587    # SMTP submission
        636    # LDAPS
        993    # IMAPS
        4130   # TODO(review): document the service behind this port
        6900   # TODO(review): document the service behind this port
        8000   # TODO(review): document the service behind this port
      ];

      allowedUDPPorts = [
        636    # NOTE(review): LDAPS is TCP-only; check whether UDP/636 is needed
        4367   # TODO(review): document the service behind this port
        6900   # TODO(review): document the service behind this port
        34197  # Factorio default game port (assumed from the port number)
      ];

      allowedUDPPortRanges = [
        # TODO(review): document what listens on UDP 480-510
        { from = 480; to = 510; }
      ];

      # Interfaces on which every inbound packet is accepted, bypassing the
      # port lists above.
      trustedInterfaces = [
        "tailscale0"
        "wg0"
      ] ++ [
        # DN42 peer tunnels
        "wg42_bandura"
        "wg42_bluemedia"
        "wg42_catgirls"
        "wg42_chris"
        "wg42_iedon"
        "wg42_kioubit"
        "wg42_liki"
        "wg42_lutoma"
        "wg42_potato"
        "wg42_sunnet"
        "wg42_uffsalot"
        "wg42_usman"
      ];

      # Forward-chain rules (nft syntax):
      #   1. DN42 peers may be forwarded to one another (transit).
      #   2. The tailscale side may reach DN42.
      #   3. DN42 peers may reach TCP/22 on tailscale-reachable hosts.
      # NOTE(review): rule 3 lets any DN42 peer initiate SSH towards the
      # tailscale network; confirm that this reach is intended and that the
      # SSH hosts behind tailscale0 restrict authentication accordingly.
      extraForwardRules = ''
        meta iifname "wg42_*" meta oifname "wg42_*" accept
        meta iifname tailscale0 meta oifname "wg42_*" accept
        meta iifname "wg42_*" meta oifname tailscale0 tcp dport 22 accept
      '';
    };
  };
}