2024-12-18 09:40:11 +03:00
|
|
|
{ lib, ... }:
|
2024-12-08 22:25:43 +03:00
|
|
|
{
|
2024-12-18 09:40:11 +03:00
|
|
|
networking.firewall = {
|
|
|
|
|
enable = true;
|
2024-12-08 22:25:43 +03:00
|
|
|
|
2024-12-18 09:40:11 +03:00
|
|
|
# NOTE: Configure manually with `extraCommands`.
|
|
|
|
|
allowedTCPPortRanges = lib.mkForce [ ];
|
|
|
|
|
allowedTCPPorts = lib.mkForce [ ];
|
|
|
|
|
allowedUDPPortRanges = lib.mkForce [ ];
|
|
|
|
|
allowedUDPPorts = lib.mkForce [ ];
|
2024-12-08 22:25:43 +03:00
|
|
|
|
2024-12-18 09:40:11 +03:00
|
|
|
allowPing = true;
|
|
|
|
|
rejectPackets = false; # Drop.
|
2024-12-08 22:25:43 +03:00
|
|
|
|
2024-12-18 09:40:11 +03:00
|
|
|
logRefusedConnections = false;
|
|
|
|
|
logRefusedPackets = false;
|
|
|
|
|
logRefusedUnicastsOnly = true;
|
|
|
|
|
logReversePathDrops = false;
|
|
|
|
|
};
|
2024-03-04 00:34:39 +03:00
|
|
|
}
|
