Network: Replace fw rules with full network access.

2024-12-13 10:56:42 +03:00 · 2024-12-13 10:56:42 +03:00 · 3aeaee716e
parent 7ba7e25072
commit 3aeaee716e
5 changed files with 15 additions and 55 deletions
--- a/host/x86_64-linux/dasha/Network.nix
+++ b/host/x86_64-linux/dasha/Network.nix
@ -1,17 +1,9 @@
 { ... }: {
 	networking = {
 		firewall.extraCommands = ''
-			# Ssh access.
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8          -p tcp --dport 22143
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
-
-			# Syncthing.
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
+			# Local access.
+			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8
+			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
 		'';
 	};
 }
--- a/host/x86_64-linux/desktop/Network.nix
+++ b/host/x86_64-linux/desktop/Network.nix
@ -1,17 +1,9 @@
 { ... }: {
 	networking = {
 		firewall.extraCommands = ''
-			# Ssh access.
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8          -p tcp --dport 22143
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
-
-			# Syncthing.
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
+			# Local access.
+			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8
+			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
 		'';
 	};
 }
--- a/host/x86_64-linux/laptop/Network.nix
+++ b/host/x86_64-linux/laptop/Network.nix
@ -1,17 +1,9 @@
 { ... }: {
 	networking = {
 		firewall.extraCommands = ''
-			# Ssh access.
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8          -p tcp --dport 22143
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
-
-			# Syncthing.
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
+			# Local access.
+			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8
+			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
 		'';
 	};
 }
--- a/host/x86_64-linux/max/Network.nix
+++ b/host/x86_64-linux/max/Network.nix
@ -1,17 +1,9 @@
 { ... }: {
 	networking = {
 		firewall.extraCommands = ''
-			# Ssh access.
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8          -p tcp --dport 22143
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
-
-			# Syncthing.
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
+			# Local access.
+			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8
+			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
 		'';
 	};
 }
--- a/host/x86_64-linux/pocket/Network.nix
+++ b/host/x86_64-linux/pocket/Network.nix
@ -1,17 +1,9 @@
 { ... }: {
 	networking = {
 		firewall.extraCommands = ''
-			# Ssh access.
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8          -p tcp --dport 22143
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
-
-			# Syncthing.
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p tcp --dport 22000
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 22000
-			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8 -p udp --dport 21027
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22000
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 22000
-			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p udp --dport 21027
+			# Local access.
+			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8
+			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
 		'';
 	};
 }