cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

small changes to firewall 3

Browse Source
This commit is contained in:
cnst
2025-07-20 16:56:21 +02:00
parent 612d843e97
commit 60a8524de3
1 changed files with 27 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
hosts/sobotka/default.nix
View File

@@ -48,44 +48,42 @@ in {
filter = { filter = {
family = "inet"; family = "inet";
content = '' content = ''
table inet filter { chain input {
chain input { type filter hook input priority 0;
type filter hook input priority 0;
# Accept localhost traffic # Accept localhost traffic
iifname lo accept iifname lo accept
# Accept established/related traffic # Accept established/related traffic
ct state { established, related } accept ct state { established, related } accept
# Allow ICMP (ping etc.) # Allow ICMP (ping etc.)
ip protocol icmp accept ip protocol icmp accept
ip6 nexthdr icmpv6 accept ip6 nexthdr icmpv6 accept
# Allow SSH # Allow SSH
tcp dport 22 accept tcp dport 22 accept
# --- Custom rules for Deluge --- # --- Custom rules for Deluge ---
ip saddr 192.168.88.0/24 tcp dport 8112 accept ip saddr 192.168.88.0/24 tcp dport 8112 accept
ip saddr 192.168.88.0/24 udp dport { 58846, 6881 } accept ip saddr 192.168.88.0/24 udp dport { 58846, 6881 } accept
# Drop other external access to these ports # Drop other external access to these ports
tcp dport 8112 drop tcp dport 8112 drop
udp dport { 58846, 6881 } drop udp dport { 58846, 6881 } drop
# Default deny # Default deny
counter drop counter drop
} }
chain forward { chain forward {
type filter hook forward priority 0; type filter hook forward priority 0;
accept accept
} }
chain output { chain output {
type filter hook output priority 0; type filter hook output priority 0;
accept accept
}
} }
''; '';
}; };