networking.firewall

author: Gregor Kleen <gkleen@yggdrasil.li> 2015-06-16 20:48:08 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2015-06-16 20:48:08 +0200
commit: 48dce5d6d9d19e9c560313461574152dbb795487 (patch)
tree: 02ceef780467ee5545d8c4dfeb15afed5b58353d
parent: 68a238106319089e1af7dd65d1668ffde4007278 (diff)
download: nixos-48dce5d6d9d19e9c560313461574152dbb795487.tar
nixos-48dce5d6d9d19e9c560313461574152dbb795487.tar.gz
nixos-48dce5d6d9d19e9c560313461574152dbb795487.tar.bz2
nixos-48dce5d6d9d19e9c560313461574152dbb795487.tar.xz
nixos-48dce5d6d9d19e9c560313461574152dbb795487.zip
1 files changed, 9 insertions, 4 deletions
diff --git a/bragi.nix b/bragi.nix
index 9626c5ba..3ef65f26 100644
--- a/bragi.nix
+++ b/bragi.nix
@@ -20,10 +20,6 @@
  networking.hostId = "2af11085";
  networking.wireless.enable = true;
-  networking.firewall = {
-    enable = false;
-  };
  nixpkgs.config.packageOverrides = pkgs:
    {
      trivmix = let trivmix = pkgs.haskellPackages.callPackage ./custom/trivmix.nix {}; in
@@ -180,6 +176,15 @@
                         ];
  };
+  networking.firewall = {
+    enable = true;
+    allowPing = true;
+    allowTCPPorts = [ 22
+                    ];
+    allowUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
+                         ];
+  };
  services.dhcpd = {
    enable = true;
    interfaces = "enp1s0";
author	Gregor Kleen <gkleen@yggdrasil.li>	2015-06-16 20:48:08 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2015-06-16 20:48:08 +0200
commit	48dce5d6d9d19e9c560313461574152dbb795487 (patch)
tree	02ceef780467ee5545d8c4dfeb15afed5b58353d
parent	68a238106319089e1af7dd65d1668ffde4007278 (diff)
download	nixos-48dce5d6d9d19e9c560313461574152dbb795487.tar nixos-48dce5d6d9d19e9c560313461574152dbb795487.tar.gz nixos-48dce5d6d9d19e9c560313461574152dbb795487.tar.bz2 nixos-48dce5d6d9d19e9c560313461574152dbb795487.tar.xz nixos-48dce5d6d9d19e9c560313461574152dbb795487.zip