surtr: nftables...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-13 18:05:49 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-13 18:05:49 +0100
commit: f45049f99883b780199a3197e3cbe269e91ca8b2 (patch)
tree: 32648d99d54d95ae2356bbd18e9f67b5b8f46da1
parent: 49ff295e286c9578fa5c53ea6d8b41cf4919e074 (diff)
download: nixos-f45049f99883b780199a3197e3cbe269e91ca8b2.tar
nixos-f45049f99883b780199a3197e3cbe269e91ca8b2.tar.gz
nixos-f45049f99883b780199a3197e3cbe269e91ca8b2.tar.bz2
nixos-f45049f99883b780199a3197e3cbe269e91ca8b2.tar.xz
nixos-f45049f99883b780199a3197e3cbe269e91ca8b2.zip
1 files changed, 0 insertions, 14 deletions
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
index 61d28f22..cd43b157 100644
--- a/hosts/surtr/default.nix
+++ b/hosts/surtr/default.nix
@@ -69,20 +69,6 @@
        enable = true;
        rulesetFile = ./ruleset.nft;
      };
-      firewall = {
-        enable = true;
-        allowPing = true;
-        allowedTCPPorts = [
-          22 # ssh
-        ];
-        allowedUDPPorts = [
-          51820 51821 # wireguard
-        ];
-        allowedUDPPortRanges = [
-          { from = 60000; to = 61000; } # mosh
-        ];
-      };
    };
    systemd.network.networks."40-ens3".networkConfig = {
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-13 18:05:49 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-13 18:05:49 +0100
commit	f45049f99883b780199a3197e3cbe269e91ca8b2 (patch)
tree	32648d99d54d95ae2356bbd18e9f67b5b8f46da1
parent	49ff295e286c9578fa5c53ea6d8b41cf4919e074 (diff)
download	nixos-f45049f99883b780199a3197e3cbe269e91ca8b2.tar nixos-f45049f99883b780199a3197e3cbe269e91ca8b2.tar.gz nixos-f45049f99883b780199a3197e3cbe269e91ca8b2.tar.bz2 nixos-f45049f99883b780199a3197e3cbe269e91ca8b2.tar.xz nixos-f45049f99883b780199a3197e3cbe269e91ca8b2.zip

diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index 61d28f22..cd43b157 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix
@@ -69,20 +69,6 @@
69	enable = true;	69	enable = true;
70	rulesetFile = ./ruleset.nft;	70	rulesetFile = ./ruleset.nft;
71	};	71	};
72
73	firewall = {
74	enable = true;
75	allowPing = true;
76	allowedTCPPorts = [
77	22 # ssh
78	];
79	allowedUDPPorts = [
80	51820 51821 # wireguard
81	];
82	allowedUDPPortRanges = [
83	{ from = 60000; to = 61000; } # mosh
84	];
85	};
86	};	72	};
87		73
88	systemd.network.networks."40-ens3".networkConfig = {	74	systemd.network.networks."40-ens3".networkConfig = {