# NixOS module: inbound firewall openings for this host.
# The allowed* lists below are not scoped to an interface; per-interface
# openings would go under networking.firewall.interfaces.<name> instead.
{ lib, ... }:
let
  # ftp passive mode (data connections for sftpgo)
  # NOTE(review): this range has to agree with the passive port range set in
  # sftpgo's own configuration, which is not visible in this file. Confirm.
  ftpPassiveRange = {
    from = 50000;
    to = 50100;
  };
in
{
  networking.firewall.enable = true;

  networking.firewall.allowedTCPPorts = [
    # http[s]
    80
    443

    # sftpgo: ftp control channel
    # NOTE(review): plain FTP sends credentials in cleartext; verify that the
    # sftpgo FTP binding requires TLS before relying on this opening.
    21
  ];

  networking.firewall.allowedTCPPortRanges = [ ftpPassiveRange ];

  # https over quic (http3)
  networking.firewall.allowedUDPPorts = [ 443 ];

  # allow openssh; lib.mkForce makes this definition take precedence over a
  # conflicting value for the same option set at normal priority elsewhere.
  services.openssh.openFirewall = lib.mkForce true;
}