make parsons/nftables.nix nicer #10
1 changed files with 10 additions and 2 deletions
|
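--- a/parsons/nftables.nix
+++ b/parsons/nftables.nix
@@ -1,5 +1,13 @@
 { config, lib, pkgs, ... }:
 
+let
+cfg = config.networking.firewall;
+mkPorts = ports: ranges:
+lib.strings.concatStringsSep ", "
+(map ({from, to}: "${toString from}-${toString to}") ranges
+++
+map toString ports);
+in
 {
 networking.firewall.enable = false;
 networking.nat.enable = false;
@@ -39,9 +47,9 @@
 
 iifname { lo } accept
 
-tcp dport { 25, 80, 443, 465, 587, 993, 4190, 62954, 64738 } accept
+tcp dport { ${mkPorts cfg.allowedTCPPorts cfg.allowedTCPPortRanges} } accept
 
-udp dport { 60000-61000, 64738 } accept
+udp dport { ${mkPorts cfg.allowedUDPPorts cfg.allowedUDPPortRanges} } accept
 
 # DHCPv6
 ip6 daddr fe80::/64 udp dport 546 accept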
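Review bot: `mkPorts` returns an empty string when both the port list and the range list are empty, so the new `udp dport { ${mkPorts cfg.allowedUDPPorts cfg.allowedUDPPortRanges} } accept` (and likewise the tcp line) would render as `udp dport {  } accept`, which nftables rejects as a syntax error and the whole ruleset then fails to load; since `networking.firewall.enable = false` is set above, there is probably no other filter in place, so this would fail open rather than closed. Guard each rule, e.g. `${lib.optionalString (cfg.allowedUDPPorts != [] || cfg.allowedUDPPortRanges != []) "udp dport { ${mkPorts cfg.allowedUDPPorts cfg.allowedUDPPortRanges} } accept"}`, or have `mkPorts` emit the whole rule and return `""` for empty input. Note also that the accepted surface is now whatever any module appends to these options rather than the explicit list that was removed — `services.openssh.openFirewall` (default true) would add 22, which the old hard-coded set did not contain — so a comment above the rules stating that this is intentional would help the next reader. The nftables ruleset string these lines belong to starts and ends outside the hunk.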