Home: Fix fw tabs.

Dmitry Voronin 2025-01-01 20:03:01 +03:00
parent 4fd525cafa
commit 9015f893e0
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k


@ -162,39 +162,39 @@ in
firewall = { firewall = {
enable = true; enable = true;
extraCommands = util.trimTabs '' extraCommands = util.trimTabs ''
# Wan access for 10.0.0.0/24 subnet. # Wan access for 10.0.0.0/24 subnet.
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 0/0 -o ${wan} -j MASQUERADE iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 0/0 -o ${wan} -j MASQUERADE
# Full access from Lan. # Full access from Lan.
iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal} iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal}
ip6tables -I INPUT -j ACCEPT -i ${lan} -d ${internal6} ip6tables -I INPUT -j ACCEPT -i ${lan} -d ${internal6}
# Public email server. # Public email server.
ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 25 ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 25
# Public VPN service. # Public VPN service.
ip46tables -I INPUT -j ACCEPT -i ${wan} -p udp --dport 22145 ip46tables -I INPUT -j ACCEPT -i ${wan} -p udp --dport 22145
iptables -I INPUT -j ACCEPT -s 10.0.1.0/24 -d ${internal} iptables -I INPUT -j ACCEPT -s 10.0.1.0/24 -d ${internal}
# Public Nginx. # Public Nginx.
ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 443 ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 443
# Deluge torrenting ports. # Deluge torrenting ports.
ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 54630 ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 54630
ip46tables -I INPUT -j ACCEPT -i ${wan} -p udp --dport 54630 ip46tables -I INPUT -j ACCEPT -i ${wan} -p udp --dport 54630
ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 54631 ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 54631
ip46tables -I INPUT -j ACCEPT -i ${wan} -p udp --dport 54631 ip46tables -I INPUT -j ACCEPT -i ${wan} -p udp --dport 54631
# Terraria server. # Terraria server.
ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 22777 ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 22777
# Mumble. # Mumble.
ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 22666 ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 22666
ip46tables -I INPUT -j ACCEPT -i ${wan} -p udp --dport 22666 ip46tables -I INPUT -j ACCEPT -i ${wan} -p udp --dport 22666
# Public SSH access. # Public SSH access.
# ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 22143 # ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 22143
''; '';
}; };
}; };
} }