From a8a783ae9c57906a88c2ad7945476989e5ae2730 Mon Sep 17 00:00:00 2001
From: Mark Nipper
Date: Wed, 19 Jun 2024 16:01:35 -0700
Subject: Adjust firewall rules
---
 hosts/darkstar/services.nix | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
(limited to 'hosts/darkstar/services.nix')
diff --git a/hosts/darkstar/services.nix b/hosts/darkstar/services.nix
index 16a945d..67bfc1b 100644
--- a/hosts/darkstar/services.nix
+++ b/hosts/darkstar/services.nix
@@ -1,15 +1,16 @@
 {
- networking.nftables.tables.ntp = {
- content = ''
- define int_if = enp116s0
-
- chain input {
- type filter hook input priority filter - 1; policy accept;
- iifname $int_if udp dport ntp accept # 123
- }
- '';
- enable = true;
- family = "inet";
+ networking = {
+ firewall = {
+ allowedTCPPorts = [
+ 53 # domain
+ ];
+ allowedUDPPorts = [
+ 53 # domain
+ ];
+ interfaces.enp116s0.allowedUDPPorts = [
+ 123 # ntp
+ ];
+ };
 };

 services.chrony = {
--
cgit v1.2.3
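Review bot: The top-level `allowedTCPPorts` and `allowedUDPPorts` lists open port 53 on every interface, whereas NTP in the same hunk is scoped to `enp116s0`. The DNS service itself is not visible in this hunk; if it is a recursive resolver intended only for the internal network, leaving 53 reachable on an external interface exposes it to use as an open resolver. In that case, scope it like NTP: `interfaces.enp116s0.allowedTCPPorts = [ 53 ];` and `interfaces.enp116s0.allowedUDPPorts = [ 53 123 ];`. If global exposure is intended, a short comment such as `# authoritative DNS, reachable from all interfaces by design` would record that decision. The `services.chrony` block continues outside the hunk, so whether chrony restricts its clients cannot be checked from here.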