
Commit 64b3a07

nftables
1 parent 335600a commit 64b3a07


3 files changed

+46
-2
lines changed


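--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,8 @@
+#
+# Makefile
+#
+hp0:
+scp ./hp0/configuration.nix hp0:
+
+hp3:
+scp ./hp3/configuration.nix hp3: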
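Review bot: The `hp0` and `hp3` targets are not declared phony, and the recipes copy from `./hp0/` and `./hp3/`, so directories with those names sit next to the Makefile; make will treat each target as an existing, up-to-date file and skip the scp. Adding `.PHONY: hp0 hp3` above the first target fixes that. The copy also lands in the remote login directory rather than the system configuration location, so the firewall rules in this commit are presumably not in force until the file is moved into place and the host is rebuilt; a one-line comment in the Makefile saying so would help.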

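--- a/hp0/configuration.nix
+++ b/hp0/configuration.nix
@@ -169,6 +169,8 @@
 wget
 tcpdump
 iproute2
+nftables
+iptables
 pciutils
 usbutils
 iw
@@ -194,13 +196,29 @@
 # services.openssh.enable = true;
 services.openssh.enable = true;
 
-
 # Open ports in the firewall.
 # networking.firewall.allowedTCPPorts = [ ... ];
 # networking.firewall.allowedUDPPorts = [ ... ];
 # Or disable the firewall altogether.
 # networking.firewall.enable = false;
 
+# https://nixos.wiki/wiki/Firewall
+# https://scvalex.net/posts/54/
+# nft --stateless list table filter
+networking.firewall = {
+enable = true;
+allowedTCPPorts = [
+22 # ssh
+5001 # iperf2
+];
+# allowedTCPPorts = [ 22 5001 ];
+# #allowedUDPPortRanges = [
+# # { from = 4000; to = 4007; }
+# # { from = 8000; to = 8010; }
+# #];
+};
+# networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave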
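Review bot: TCP 5001 in `allowedTCPPorts` (new lines 210–213) is opened on every interface for iperf2, a throughput-test listener with no authentication, and it stays open for as long as this configuration is deployed; the same block is added to hp3/configuration.nix. Scope it to the test link with the per-interface form already shown commented out at line 220, e.g. `networking.firewall.interfaces."<test-iface>".allowedTCPPorts = [ 5001 ];` (the interface name is a placeholder), or drop the port once the measurements are done. Port 22 is probably redundant here because the OpenSSH module opens its own port by default (`services.openssh.openFirewall`), and `enable = true` is, as far as I know, already the NixOS default, so the practical effect of the block is the new 5001 exposure. The comment at line 207 inspects the rules with `nft`, but the firewall is generated as a native nftables ruleset only when `networking.nftables.enable` is set, so it is worth confirming which backend is active on these hosts.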

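--- a/hp3/configuration.nix
+++ b/hp3/configuration.nix
@@ -169,6 +169,8 @@
 wget
 tcpdump
 iproute2
+nftables
+iptables
 pciutils
 usbutils
 iw
@@ -194,13 +196,29 @@
 # services.openssh.enable = true;
 services.openssh.enable = true;
 
-
 # Open ports in the firewall.
 # networking.firewall.allowedTCPPorts = [ ... ];
 # networking.firewall.allowedUDPPorts = [ ... ];
 # Or disable the firewall altogether.
 # networking.firewall.enable = false;
 
+# https://nixos.wiki/wiki/Firewall
+# https://scvalex.net/posts/54/
+# nft --stateless list table filter
+networking.firewall = {
+enable = true;
+allowedTCPPorts = [
+22 # ssh
+5001 # iperf2
+];
+# allowedTCPPorts = [ 22 5001 ];
+# #allowedUDPPortRanges = [
+# # { from = 4000; to = 4007; }
+# # { from = 8000; to = 8010; }
+# #];
+};
+# networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave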
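Review bot: The firewall block at new lines 205–220 is a line-for-line copy of the one this commit adds to hp0/configuration.nix, so the two hosts' packet-filter policies can drift apart with the next edit to either file. A shared module pulled in through each host's `imports` list would keep a single definition of the allowed ports. The commented-out alternatives at lines 214–218 (the one-line `allowedTCPPorts` and the doubly commented UDP ranges) could be dropped, since the active list directly above already states the policy and stale commented rules make later audits harder to read.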
