make parsons/nftables.nix nicer #10
1 changed files with 10 additions and 2 deletions
@ -1,5 +1,13 @@
{ config, lib, pkgs, ... }:
let
cfg = config.networking.firewall;
mkPorts = ports: ranges:
lib.strings.concatStringsSep ", "
(map ({from, to}: "${toString from}-${toString to}") ranges
++
map toString ports);
in
{
networking.firewall.enable = false;
networking.nat.enable = false;
@ -39,9 +47,9 @@
iifname { lo } accept
tcp dport { 25, 80, 443, 465, 587, 993, 4190, 62954, 64738 } accept
tcp dport { ${mkPorts cfg.allowedTCPPorts cfg.allowedTCPPortRanges} } accept
udp dport { 60000-61000, 64738 } accept
udp dport { ${mkPorts cfg.allowedUDPPorts cfg.allowedUDPPortRanges} } accept
# DHCPv6
ip6 daddr fe80::/64 udp dport 546 accept
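Review bot: `mkPorts` returns an empty string when both `ports` and `ranges` are `[]`, so the new `tcp dport { ${mkPorts cfg.allowedTCPPorts cfg.allowedTCPPortRanges} } accept` line (and the udp one below it) renders as `dport { } accept`, which nftables is expected to reject when the ruleset is loaded — and `[]` is the NixOS default for these options, so a host that sets no allowed ports would fail to load its firewall instead of simply matching nothing. Guarding the rule covers the empty case: `mkRule = proto: ports: ranges: lib.optionalString (ports != [] || ranges != []) "${proto} dport { ${mkPorts ports ranges} } accept";` in the `let` block, then `${mkRule "tcp" cfg.allowedTCPPorts cfg.allowedTCPPortRanges}` (and the udp equivalent) in the ruleset. A one-line comment above `mkPorts`, `# Render {from,to} ranges followed by single ports as an nftables set body, e.g. "8000-8100, 22"`, would document the helper's output format and ordering. The ruleset string these rules sit in starts and ends outside the hunk, so the policy that applies when no rule matches is not visible here.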