diff --git a/hosts/sobotka/default.nix b/hosts/sobotka/default.nix index db22d732..52f20249 100644 --- a/hosts/sobotka/default.nix +++ b/hosts/sobotka/default.nix @@ -44,50 +44,6 @@ in { networking = { hostName = "sobotka"; domain = "cnst.dev"; - nftables.tables = { - filter = { - family = "inet"; - content = '' - chain input { - type filter hook input priority 0; - - # Accept localhost traffic - iifname lo accept - - # Accept established/related traffic - ct state { established, related } accept - - # Allow ICMP (ping etc.) - ip protocol icmp accept - ip6 nexthdr icmpv6 accept - - # Allow SSH - tcp dport 22 accept - - # --- Custom rules for Deluge --- - ip saddr 192.168.88.0/24 tcp dport 8112 accept - ip saddr 192.168.88.0/24 udp dport { 58846, 6881 } accept - - # Drop other external access to these ports - tcp dport 8112 drop - udp dport { 58846, 6881 } drop - - # Default deny - counter drop - } - - chain forward { - type filter hook forward priority 0; - accept - } - - chain output { - type filter hook output priority 0; - accept - } - ''; - }; - }; }; powerManagement.enable = false; diff --git a/hosts/sobotka/modules.nix b/hosts/sobotka/modules.nix index bfd6439a..6059c074 100644 --- a/hosts/sobotka/modules.nix +++ b/hosts/sobotka/modules.nix @@ -30,7 +30,8 @@ enable = true; interfaces = { "enp6s0" = { - allowedTCPPorts = [22 80 443]; + allowedTCPPorts = [22 80 443 8112]; + allowedUDPPorts = [58846 6881]; }; }; }; diff --git a/modules/server/deluge/default.nix b/modules/server/deluge/default.nix index 0fed696b..6adcac81 100644 --- a/modules/server/deluge/default.nix +++ b/modules/server/deluge/default.nix @@ -47,8 +47,8 @@ in { autoStart = true; dependsOn = ["gluetun"]; ports = [ - "192.168.88.14:8112:8112" - "192.168.88.14:58846:58846" + "0.0.0.0:8112:8112" + "0.0.0.0:58846:58846" ]; extraOptions = [ "--network=container:gluetun"