cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

small changes to firewall 2

Browse Source
This commit is contained in:
cnst
2025-07-20 16:53:54 +02:00
parent d5a78ca9d3
commit 612d843e97
1 changed files with 40 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
hosts/sobotka/default.nix
View File

@@ -47,32 +47,47 @@ in {
nftables.tables = {
filter = {
family = "inet";
chains.input.rules = [
{
match = "ip saddr 127.0.0.1 tcp dport 8112";
action = "accept";
content = ''
table inet filter {
chain input {
type filter hook input priority 0;
# Accept localhost traffic
iifname lo accept
# Accept established/related traffic
ct state { established, related } accept
# Allow ICMP (ping etc.)
ip protocol icmp accept
ip6 nexthdr icmpv6 accept
# Allow SSH
tcp dport 22 accept
# --- Custom rules for Deluge ---
ip saddr 192.168.88.0/24 tcp dport 8112 accept
ip saddr 192.168.88.0/24 udp dport { 58846, 6881 } accept
# Drop other external access to these ports
tcp dport 8112 drop
udp dport { 58846, 6881 } drop
# Default deny
counter drop
}
{
match = "ip saddr 192.168.88.0/24 tcp dport 8112";
action = "accept";
chain forward {
type filter hook forward priority 0;
accept
}
{
match = "ip saddr 127.0.0.1 udp dport { 58846, 6881 }";
action = "accept";
chain output {
type filter hook output priority 0;
accept
}
{
match = "ip saddr 192.168.88.0/24 udp dport { 58846, 6881 }";
action = "accept";
}
{
match = "tcp dport 8112";
action = "drop";
}
{
match = "udp dport { 58846, 6881 }";
action = "drop";
}
];
'';
};
};
};