My Nix Configuration
{
  networking = {
    # Use the nftables backend for the NixOS firewall module instead of iptables.
    nftables.enable = true;

    firewall = {
      enable = true;

      # Inbound TCP ports opened on every non-trusted interface.
      # 143 (IMAP) and 389 (LDAP) are the cleartext variants of services that
      # also have TLS ports here (993, 636); worth confirming they are still
      # needed externally or whether STARTTLS is enforced on them.
      allowedTCPPorts = [
        80
        143
        179
        389
        443
        465
        587
        636
        993
        4130
        4190
        6900
        8000
      ];

      # Inbound UDP ports opened on every non-trusted interface.
      # NOTE(review): 80/udp and 636/udp are unusual — HTTP and LDAPS are
      # TCP protocols — confirm these two are intentional and drop them if not.
      allowedUDPPorts = [
        80
        636
        4367
        6900
        34197
      ];

      # Inclusive UDP port range 480-510.
      allowedUDPPortRanges = [
        {
          from = 480;
          to = 510;
        }
      ];

      # Traffic arriving on a trusted interface is accepted unconditionally by
      # the NixOS firewall, i.e. it is not limited to the allowed*Ports above.
      # The wg42_* peers are third-party DN42 networks, so they currently get
      # the same reach into local services as tailscale0 and wg0; consider
      # whether they should instead get only the specific ports they need
      # (e.g. 179/tcp for BGP) via interface-scoped rules.
      trustedInterfaces =
        [
          "tailscale0"
          "wg0"
        ]
        # DN42 Interfaces
        ++ map (peer: "wg42_${peer}") [
          "bandura"
          "bluemedia"
          "catgirls"
          "chris"
          "iedon"
          "kioubit"
          "liki"
          "lutoma"
          "potato"
          "sunnet"
          "uffsalot"
          "usman"
        ];

      # Raw nft rules appended to the forward chain:
      #  - transit between any two DN42 peer interfaces is accepted;
      #  - anything from tailscale0 may be forwarded into DN42;
      #  - only TCP/22 may be forwarded from DN42 back toward tailscale0.
      # The asymmetry (full access out, SSH-only in) looks deliberate; any
      # forwarded traffic these rules do not match falls through to the
      # module's default forward handling.
      extraForwardRules = ''
        meta iifname "wg42_*" meta oifname "wg42_*" accept
        meta iifname tailscale0 meta oifname "wg42_*" accept
        meta iifname "wg42_*" meta oifname tailscale0 tcp dport 22 accept
      '';
    };
  };
}