wolfgirls/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

firewall

Browse source
This commit is contained in:
Ezri Zhu 2024-09-28 23:02:03 -04:00
parent 9f4e740206
commit 41f8b999b6
Signed by: ezri
SSH key fingerprint: SHA256:PjS2hKMfl3gJ5Furjjq+kXa4ZvS1c0gb4/djAxxAf6c
4 changed files with 27 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
common/default.nix
View file

@ -4,6 +4,7 @@
imports = [ imports = [
./users.nix ./users.nix
./motd.nix ./motd.nix
./firewall.nix
]; ];
nix = { nix = {
@ -36,7 +37,6 @@
execWheelOnly = true; execWheelOnly = true;
}; };
networking.firewall.enable = false;
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {

26
common/firewall.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, pkgs, ... }:
{
networking.firewall.enable = false;
networking.nftables = {
enable = true;
ruleset = ''
table inet filter {
chain input {
type filter hook input priority 0; policy accept;
}
chain forward {
type filter hook forward priority 0; policy accept
}
chain output {
type filter hook output priority 0; policy accept
# Block outgoing mail traffic
tcp dport {25, 465, 587} drop
}
}
'';
};
}

1
hosts/jude.nix
View file

@ -23,7 +23,6 @@
time.timeZone = "America/Chicago"; time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
services.openssh.enable = true; services.openssh.enable = true;
networking.firewall.enable = false;
networking = { networking = {
hostName = "jade"; hostName = "jade";

1
hosts/nova.nix
View file

@ -23,7 +23,6 @@
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
services.openssh.enable = true; services.openssh.enable = true;
networking.firewall.enable = false;
networking = { networking = {
hostName = "nova"; hostName = "nova";