From a8a783ae9c57906a88c2ad7945476989e5ae2730 Mon Sep 17 00:00:00 2001
From: Mark Nipper
Date: Wed, 19 Jun 2024 16:01:35 -0700
Subject: Adjust firewall rules

---
 hosts/common/optional/services/asterisk.nix | 4 ++++
 hosts/darkstar/default.nix | 8 --------
 hosts/darkstar/services.nix | 23 ++++++++++++-----------
 3 files changed, 16 insertions(+), 19 deletions(-)

diff --git a/hosts/common/optional/services/asterisk.nix b/hosts/common/optional/services/asterisk.nix
index 0ea66cd..d638a3c 100644
--- a/hosts/common/optional/services/asterisk.nix
+++ b/hosts/common/optional/services/asterisk.nix
@@ -1,5 +1,9 @@
 { config, lib, pkgs, ... }:
 {
+ networking.firewall.interfaces.enp116s0.allowedUDPPorts = [
+ 5060 # sip
+ ];
+
 services.asterisk = {
 confFiles = {
 "cdr.conf" = ''
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index e7ec09c..0c4596b 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -44,14 +44,6 @@
 hostName = "darkstar";
 #defaultGateway = "192.168.1.1";
 domain = "bitgnome.net";
- firewall = {
- allowedTCPPorts = [
- 53 # domain
- ];
- allowedUDPPorts = [
- 53 # domain
- ];
- };
 interfaces = {
 enp116s0 = {
 ipv4.addresses = [
diff --git a/hosts/darkstar/services.nix b/hosts/darkstar/services.nix
index 16a945d..67bfc1b 100644
--- a/hosts/darkstar/services.nix
+++ b/hosts/darkstar/services.nix
@@ -1,15 +1,16 @@
 {
- networking.nftables.tables.ntp = {
- content = ''
- define int_if = enp116s0
-
- chain input {
- type filter hook input priority filter - 1; policy accept;
- iifname $int_if udp dport ntp accept # 123
- }
- '';
- enable = true;
- family = "inet";
+ networking = {
+ firewall = {
+ allowedTCPPorts = [
+ 53 # domain
+ ];
+ allowedUDPPorts = [
+ 53 # domain
+ ];
+ interfaces.enp116s0.allowedUDPPorts = [
+ 123 # ntp
+ ];
+ };
 };
 
 services.chrony = {
-- 
cgit v1.2.3
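Review bot: The interface name `enp116s0` is hard-coded into a module that lives under `hosts/common/optional/`, which ties a shared, reusable service module to one host's NIC naming; on another host importing this module the rule would presumably match no interface and SIP would stay closed with no error to point at why. Prefer taking the interface from host-level configuration (for example a module option the host sets, with the literal `enp116s0` moved into `hosts/darkstar/`) so the shared file carries no per-host network detail. Note also that this only opens SIP signalling on UDP 5060; if RTP media is expected to cross this firewall, its port range is not opened here and would need its own, equally interface-scoped rule. Since this interface rule is the only network gate on the port, it is worth keeping Asterisk's own per-endpoint permit/deny ACLs in play rather than relying on the interface restriction alone. The `services.asterisk` attrset continues past the end of the hunk.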
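Review bot: DNS (53 tcp+udp) is placed in the global `allowedTCPPorts`/`allowedUDPPorts`, i.e. open on every interface, while NTP on 123 a few lines below is scoped to `interfaces.enp116s0`; unless the resolver is deliberately meant to answer on interfaces other than enp116s0, the two should be scoped the same way, since a resolver reachable beyond the LAN is a DNS amplification vector. The removed nftables table named `enp116s0` as `int_if`, which suggests LAN-only exposure was the intent, so the interface-scoped form looks like the right default for 53 as well: `interfaces.enp116s0.allowedTCPPorts = [ 53 ];` and `interfaces.enp116s0.allowedUDPPorts = [ 53 123 ];` with the two global lists dropped. If 53 must stay global, a comment such as `# 53 intentionally open on all interfaces: <reason>` next to it would stop the next reader from "fixing" it. The `services.chrony` block begins on the last line of the hunk and continues outside it, so whether chrony itself binds only that interface is not visible here.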