cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

small changes to firewall 4

Browse Source
This commit is contained in:
cnst
2025-07-20 17:01:44 +02:00
parent 60a8524de3
commit 5bed3c89c6
3 changed files with 4 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
hosts/sobotka/default.nix
View File

@@ -44,50 +44,6 @@ in {
networking = { networking = {
hostName = "sobotka"; hostName = "sobotka";
domain = "cnst.dev"; domain = "cnst.dev";
nftables.tables = {
filter = {
family = "inet";
content = ''
chain input {
type filter hook input priority 0;
# Accept localhost traffic
iifname lo accept
# Accept established/related traffic
ct state { established, related } accept
# Allow ICMP (ping etc.)
ip protocol icmp accept
ip6 nexthdr icmpv6 accept
# Allow SSH
tcp dport 22 accept
# --- Custom rules for Deluge ---
ip saddr 192.168.88.0/24 tcp dport 8112 accept
ip saddr 192.168.88.0/24 udp dport { 58846, 6881 } accept
# Drop other external access to these ports
tcp dport 8112 drop
udp dport { 58846, 6881 } drop
# Default deny
counter drop
}
chain forward {
type filter hook forward priority 0;
accept
}
chain output {
type filter hook output priority 0;
accept
}
'';
};
};
}; };
powerManagement.enable = false; powerManagement.enable = false;

3
hosts/sobotka/modules.nix
View File

@@ -30,7 +30,8 @@
enable = true; enable = true;
interfaces = { interfaces = {
"enp6s0" = { "enp6s0" = {
allowedTCPPorts = [22 80 443]; allowedTCPPorts = [22 80 443 8112];
allowedUDPPorts = [58846 6881];
}; };
}; };
}; };

4
modules/server/deluge/default.nix
View File

@@ -47,8 +47,8 @@ in {
autoStart = true; autoStart = true;
dependsOn = ["gluetun"]; dependsOn = ["gluetun"];
ports = [ ports = [
"192.168.88.14:8112:8112" "0.0.0.0:8112:8112"
"192.168.88.14:58846:58846" "0.0.0.0:58846:58846"
]; ];
extraOptions = [ extraOptions = [
"--network=container:gluetun" "--network=container:gluetun"