Network: Replace fw rules with full network access.

Dmitry Voronin 2024-12-13 10:56:42 +03:00
parent 301f08b899
commit 1069d65572
5 changed files with 15 additions and 55 deletions


@ -1,17 +1,9 @@
{ ... }: { { ... }: {
networking = { networking = {
firewall.extraCommands = '' firewall.extraCommands = ''
# Ssh access. # Local access.
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143 iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143 ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
# Syncthing.
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
''; '';
}; };
} }
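Review bot: The two new `-I INPUT -j ACCEPT` rules match on source address only, so every listening TCP and UDP service on this host becomes reachable from all of 10.0.0.0/8 and fd09:8d46:0b26::/48, where the old rules exposed only ports 22143, 22000 and 21027. Because they are inserted at the head of INPUT, no later rule in the chain can narrow them, and a source-only match relies on reverse-path filtering configured elsewhere to reject spoofed addresses arriving on an external interface. If full trust of the internal network is intended, tie it to the interface, e.g. `iptables -I INPUT -i <lan-iface> -s 10.0.0.0/8 -j ACCEPT` or `networking.firewall.trustedInterfaces`, and state the scope in the comment: `# Full access (all ports and protocols) from the internal ranges.` The same change is repeated in the other four file sections of this commit, so the block would also be better placed in one shared module than in five copies.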


@ -1,17 +1,9 @@
{ ... }: { { ... }: {
networking = { networking = {
firewall.extraCommands = '' firewall.extraCommands = ''
# Ssh access. # Local access.
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143 iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143 ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
# Syncthing.
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
''; '';
}; };
} }


@ -1,17 +1,9 @@
{ ... }: { { ... }: {
networking = { networking = {
firewall.extraCommands = '' firewall.extraCommands = ''
# Ssh access. # Local access.
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143 iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143 ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
# Syncthing.
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
''; '';
}; };
} }


@ -1,17 +1,9 @@
{ ... }: { { ... }: {
networking = { networking = {
firewall.extraCommands = '' firewall.extraCommands = ''
# Ssh access. # Local access.
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143 iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143 ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
# Syncthing.
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
''; '';
}; };
} }


@ -1,17 +1,9 @@
{ ... }: { { ... }: {
networking = { networking = {
firewall.extraCommands = '' firewall.extraCommands = ''
# Ssh access. # Local access.
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143 iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143 ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
# Syncthing.
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
''; '';
}; };
} }