Network: Replace fw rules with full network access.
parent
301f08b899
commit
1069d65572
|
@ -1,17 +1,9 @@
|
|||
{ ... }: {
|
||||
networking = {
|
||||
firewall.extraCommands = ''
|
||||
# Ssh access.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
|
||||
|
||||
# Syncthing.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
|
||||
# Local access.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
|
||||
'';
|
||||
};
|
||||
}
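Review bot: The two rules under `# Local access.` accept every protocol and port from `10.0.0.0/8` and `fd09:8d46:0b26::/48` with no interface match, so any network the host joins that hands out 10.x addresses is treated as trusted and every listening service becomes reachable from it. The page has lost its +/- markers; going by the title and the 17→9 hunk header, these two rules appear to be the new side and the per-port SSH and Syncthing rules the removed side. If those ranges are only meant to be reached over a VPN or a dedicated LAN interface, bind the trust to it, e.g. `iptables -I INPUT -j ACCEPT -i <vpn-interface> -s 10.0.0.0/8` (placeholder interface name), or use `networking.firewall.trustedInterfaces` instead of raw commands. Because the rules are inserted into `INPUT` rather than the `nixos-fw` chain, they are probably not flushed on a firewall reload, so a later revert may not take effect until they are deleted by hand or the host reboots. The same applies to the other four sections on this page, whose content is identical.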
|
||||
|
|
|
@ -1,17 +1,9 @@
|
|||
{ ... }: {
|
||||
networking = {
|
||||
firewall.extraCommands = ''
|
||||
# Ssh access.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
|
||||
|
||||
# Syncthing.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
|
||||
# Local access.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,17 +1,9 @@
|
|||
{ ... }: {
|
||||
networking = {
|
||||
firewall.extraCommands = ''
|
||||
# Ssh access.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
|
||||
|
||||
# Syncthing.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
|
||||
# Local access.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,17 +1,9 @@
|
|||
{ ... }: {
|
||||
networking = {
|
||||
firewall.extraCommands = ''
|
||||
# Ssh access.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
|
||||
|
||||
# Syncthing.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
|
||||
# Local access.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,17 +1,9 @@
|
|||
{ ... }: {
|
||||
networking = {
|
||||
firewall.extraCommands = ''
|
||||
# Ssh access.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
|
||||
|
||||
# Syncthing.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
|
||||
# Local access.
|
||||
iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
|
||||
ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|