home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

enable firewall again

Browse source 
replace iptables with nftables
disable reverse path filtering for all hosts
allow port 5353 for host running dnsmasq
closes #31
This commit is contained in:
Pim Kunis 2024-01-12 22:31:15 +01:00
parent efe9b57867
commit 6bcdd774ac
2 changed files with 8 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
nixos/modules/networking/default.nix
View file

@ -52,8 +52,12 @@ in {
config = { config = {
networking = { networking = {
domain = "hyp"; domain = "hyp";
# TODO: Enabling the firewall makes connectivity of LAN -> DMZ impossible... firewall = {
firewall.enable = false; enable = true;
checkReversePath = false;
};
nftables.enable = true;
useDHCP = false; useDHCP = false;
}; };

4
nixos/modules/networking/dmz/default.nix
View file

@ -22,8 +22,8 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 53 ]; allowedTCPPorts = [ 53 5353 ];
allowedUDPPorts = [ 53 67 ]; allowedUDPPorts = [ 53 67 5353 ];
}; };
services = { services = {