From 3aeaee716ef93086acb54967cbcec874fe64867b Mon Sep 17 00:00:00 2001
From: Dmitry Voronin
Date: Fri, 13 Dec 2024 10:56:42 +0300
Subject: [PATCH] Network: Replace fw rules with full network access.

---
 host/x86_64-linux/dasha/Network.nix | 14 +++-----------
 host/x86_64-linux/desktop/Network.nix | 14 +++-----------
 host/x86_64-linux/laptop/Network.nix | 14 +++-----------
 host/x86_64-linux/max/Network.nix | 14 +++-----------
 host/x86_64-linux/pocket/Network.nix | 14 +++-----------
 5 files changed, 15 insertions(+), 55 deletions(-)

diff --git a/host/x86_64-linux/dasha/Network.nix b/host/x86_64-linux/dasha/Network.nix
index 9719b357..fd04c4c8 100644
--- a/host/x86_64-linux/dasha/Network.nix
+++ b/host/x86_64-linux/dasha/Network.nix
@@ -1,17 +1,9 @@
 { ... }: {
 networking = {
 firewall.extraCommands = ''
- # Ssh access.
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
-
- # Syncthing.
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
+ # Local access.
+ iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
+ ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
 '';
 };
 }
diff --git a/host/x86_64-linux/desktop/Network.nix b/host/x86_64-linux/desktop/Network.nix
index 9719b357..fd04c4c8 100644
--- a/host/x86_64-linux/desktop/Network.nix
+++ b/host/x86_64-linux/desktop/Network.nix
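Review bot: The new `iptables -I INPUT -j ACCEPT -s 10.0.0.0/8` line drops the port match, so every service listening on this host — not only SSH on 22143 and the three Syncthing ports the removed lines covered — becomes reachable from any address in 10.0.0.0/8, and because `-I` inserts at the head of INPUT the rule is evaluated before the nixos-fw chain and its allowed-port lists. The rule also has no `-i` match, so it decides on source address alone; 10.0.0.0/8 is the usual client range on office and guest networks, and any peer on the local link can send packets with a 10.x source. If the intent is to trust one overlay or VPN network, pin both rules to that interface, e.g. `iptables -I INPUT -i <trusted-if> -s 10.0.0.0/8 -j ACCEPT` and `ip6tables -I INPUT -i <trusted-if> -s fd09:8d46:0b26::/48 -j ACCEPT`, or narrow `-s` to the exact subnet that network actually uses rather than the whole /8 and /48.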
@@ -1,17 +1,9 @@
 { ... }: {
 networking = {
 firewall.extraCommands = ''
- # Ssh access.
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
-
- # Syncthing.
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
+ # Local access.
+ iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
+ ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
 '';
 };
 }
diff --git a/host/x86_64-linux/laptop/Network.nix b/host/x86_64-linux/laptop/Network.nix
index 9719b357..fd04c4c8 100644
--- a/host/x86_64-linux/laptop/Network.nix
+++ b/host/x86_64-linux/laptop/Network.nix
@@ -1,17 +1,9 @@
 { ... }: {
 networking = {
 firewall.extraCommands = ''
- # Ssh access.
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
-
- # Syncthing.
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
+ # Local access.
+ iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
+ ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
 '';
 };
 }
diff --git a/host/x86_64-linux/max/Network.nix b/host/x86_64-linux/max/Network.nix
index 9719b357..fd04c4c8 100644
--- a/host/x86_64-linux/max/Network.nix
+++ b/host/x86_64-linux/max/Network.nix
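Review bot: The same two ACCEPT lines are now committed in five host files that all carry the identical blob hashes `9719b357..fd04c4c8`, so the decision to trust 10.0.0.0/8 and fd09:8d46:0b26::/48 on every port lives in five hand-synchronised copies; any later narrowing of the source range or re-adding of a `--dport` match has to be repeated five times and is easy to miss on one host. Since the desktop file is byte-identical to the others, consider moving the two rules into one shared module imported by each host and keeping per-host `Network.nix` only for real differences.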
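Review bot: On the laptop the address-only match in `iptables -I INPUT -j ACCEPT -s 10.0.0.0/8` is riskier than on a stationary host: a portable machine joins foreign Wi-Fi and office networks where 10.x is the normal client range, and on such a network every 10.x peer now reaches every listening service, whereas the removed lines only exposed SSH on 22143 and Syncthing on 22000/21027. If the trusted 10.x and fd09:8d46:0b26::/48 hosts are reached over a VPN or mesh interface (not visible in this hunk), restricting both rules with `-i <that-interface>` keeps the full-access semantics while removing the exposure on untrusted LANs; otherwise restoring the `-p tcp --dport` / `-p udp --dport` matches is the safer default for a roaming device.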
@@ -1,17 +1,9 @@
 { ... }: {
 networking = {
 firewall.extraCommands = ''
- # Ssh access.
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
-
- # Syncthing.
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
+ # Local access.
+ iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
+ ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
 '';
 };
 }
diff --git a/host/x86_64-linux/pocket/Network.nix b/host/x86_64-linux/pocket/Network.nix
index 9719b357..fd04c4c8 100644
--- a/host/x86_64-linux/pocket/Network.nix
+++ b/host/x86_64-linux/pocket/Network.nix
@@ -1,17 +1,9 @@
 { ... }: {
 networking = {
 firewall.extraCommands = ''
- # Ssh access.
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22143
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
-
- # Syncthing.
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
- iptables -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
- ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
+ # Local access.
+ iptables -I INPUT -j ACCEPT -s 10.0.0.0/8
+ ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
 '';
 };
 }
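Review bot: The comment `# Local access.` on the new lines does not say which network 10.0.0.0/8 and fd09:8d46:0b26::/48 stand for, or why every port is now trusted from it, and that is exactly what a later reader needs before deciding whether the rule can be narrowed; the removed `# Ssh access.` / `# Syncthing.` comments at least named the consumers. Suggest replacing it with something like `# Trust every port from the <network name> ranges (10.0.0.0/8, fd09:8d46:0b26::/48); supersedes the per-port SSH (22143) and Syncthing (22000/21027) allows.`, filling in the actual network name, so the trust boundary is documented next to the rule.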
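Review bot: The pocket host keeps expressing its trust rules as raw `iptables`/`ip6tables` strings in `firewall.extraCommands`, which means the widening in this hunk bypasses the declarative `networking.firewall` options entirely: nothing in the NixOS evaluation can see that all ports are now open to 10.0.0.0/8, and `extraCommands` stops working if the firewall is ever switched to the nftables backend. The same full-access intent, restricted to the link it is meant for, can be stated declaratively as `networking.firewall.trustedInterfaces = [ "<trusted-if>" ];`, or, if the per-port form is preferred, via `networking.firewall.interfaces."<trusted-if>".allowedTCPPorts`/`allowedUDPPorts`; which interface carries the 10.x and fd09:8d46:0b26::/48 hosts is not visible here, so this assumes one exists.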