cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

small changes to firewall

Browse Source
This commit is contained in:
cnst
2025-07-20 16:49:50 +02:00
parent 35f04e7941
commit d5a78ca9d3
1 changed files with 31 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
hosts/sobotka/default.nix
View File

@@ -44,17 +44,37 @@ in {
networking = { networking = {
hostName = "sobotka"; hostName = "sobotka";
domain = "cnst.dev"; domain = "cnst.dev";
firewall.extraCommands = '' nftables.tables = {
# Allow LAN access to Deluge Web UI filter = {
nft add rule inet filter input ip saddr 192.168.88.0/24 tcp dport 8112 accept family = "inet";
chains.input.rules = [
# Allow LAN access to Deluge daemon and torrent port {
nft add rule inet filter input ip saddr 192.168.88.0/24 udp dport { 58846, 6881 } accept match = "ip saddr 127.0.0.1 tcp dport 8112";
action = "accept";
# Block all other access to those ports }
nft add rule inet filter input tcp dport 8112 drop {
nft add rule inet filter input udp dport { 58846, 6881 } drop match = "ip saddr 192.168.88.0/24 tcp dport 8112";
''; action = "accept";
}
{
match = "ip saddr 127.0.0.1 udp dport { 58846, 6881 }";
action = "accept";
}
{
match = "ip saddr 192.168.88.0/24 udp dport { 58846, 6881 }";
action = "accept";
}
{
match = "tcp dport 8112";
action = "drop";
}
{
match = "udp dport { 58846, 6881 }";
action = "drop";
}
];
};
};
}; };
powerManagement.enable = false; powerManagement.enable = false;