diff options
author | Mark Nipper <nipsy@bitgnome.net> | 2024-06-19 16:01:35 -0700 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2024-06-19 16:01:35 -0700 |
commit | a8a783ae9c57906a88c2ad7945476989e5ae2730 (patch) | |
tree | b4981691e1f03d7bad99215574eb0cdd6a4d039b /hosts/darkstar/services.nix | |
parent | bf56980cf0a2307b3814c86a08a54e2be6dd3d56 (diff) | |
download | nix-a8a783ae9c57906a88c2ad7945476989e5ae2730.tar nix-a8a783ae9c57906a88c2ad7945476989e5ae2730.tar.gz nix-a8a783ae9c57906a88c2ad7945476989e5ae2730.tar.bz2 nix-a8a783ae9c57906a88c2ad7945476989e5ae2730.tar.lz nix-a8a783ae9c57906a88c2ad7945476989e5ae2730.tar.xz nix-a8a783ae9c57906a88c2ad7945476989e5ae2730.tar.zst nix-a8a783ae9c57906a88c2ad7945476989e5ae2730.zip |
Adjust firewall rules
Diffstat (limited to 'hosts/darkstar/services.nix')
-rw-r--r-- | hosts/darkstar/services.nix | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/hosts/darkstar/services.nix b/hosts/darkstar/services.nix index 16a945d..67bfc1b 100644 --- a/hosts/darkstar/services.nix +++ b/hosts/darkstar/services.nix @@ -1,15 +1,16 @@ { - networking.nftables.tables.ntp = { - content = '' - define int_if = enp116s0 - - chain input { - type filter hook input priority filter - 1; policy accept; - iifname $int_if udp dport ntp accept # 123 - } - ''; - enable = true; - family = "inet"; + networking = { + firewall = { + allowedTCPPorts = [ + 53 # domain + ]; + allowedUDPPorts = [ + 53 # domain + ]; + interfaces.enp116s0.allowedUDPPorts = [ + 123 # ntp + ]; + }; }; services.chrony = { |