small changes to firewall

2025-07-20 16:49:50 +02:00
parent 35f04e7941
commit d5a78ca9d3


@@ -44,17 +44,37 @@ in {
networking = {
hostName = "sobotka";
domain = "cnst.dev";
firewall.extraCommands = ''
# Allow LAN access to Deluge Web UI
nft add rule inet filter input ip saddr 192.168.88.0/24 tcp dport 8112 accept
# Allow LAN access to Deluge daemon and torrent port
nft add rule inet filter input ip saddr 192.168.88.0/24 udp dport { 58846, 6881 } accept
# Block all other access to those ports
nft add rule inet filter input tcp dport 8112 drop
nft add rule inet filter input udp dport { 58846, 6881 } drop
'';
nftables.tables = {
filter = {
family = "inet";
chains.input.rules = [
{
match = "ip saddr 127.0.0.1 tcp dport 8112";
action = "accept";
}
{
match = "ip saddr 192.168.88.0/24 tcp dport 8112";
action = "accept";
}
{
match = "ip saddr 127.0.0.1 udp dport { 58846, 6881 }";
action = "accept";
}
{
match = "ip saddr 192.168.88.0/24 udp dport { 58846, 6881 }";
action = "accept";
}
{
match = "tcp dport 8112";
action = "drop";
}
{
match = "udp dport { 58846, 6881 }";
action = "drop";
}
];
};
};
};
powerManagement.enable = false;
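Review bot: The daemon and torrent rules in `chains.input.rules` match only `udp dport { 58846, 6881 }`, but the Deluge daemon normally listens on TCP 58846 and BitTorrent uses 6881 over both TCP and UDP, so neither the LAN accept nor the final drop covers the TCP side of those ports. If they are meant to be limited to 192.168.88.0/24, add TCP counterparts, e.g. `match = "ip saddr 192.168.88.0/24 tcp dport { 58846, 6881 }"; action = "accept";` followed by `match = "tcp dport { 58846, 6881 }"; action = "drop";`. Separately, stock NixOS `networking.nftables.tables.<name>` takes its rules as a `content` string, so `chains.input.rules` presumably depends on a module defined outside this hunk. It is worth confirming that the generated `input` chain is a base chain with an input hook. An accept in this `filter` table also does not stop the NixOS firewall's own table from dropping the same packet, so the LAN accepts may have no effect unless the ports are opened there too.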