adds DNS to allowedUDPPorts and removes WAN access block for internal services

2024-11-16 02:57:53 +01:00 · 2024-11-16 02:57:53 +01:00 · 08a1372f9f
commit 08a1372f9f
parent 014badfa99
1 changed files with 1 additions and 3 deletions
--- a/config/nixos/common/server.nix
+++ b/config/nixos/common/server.nix
@ -36,6 +36,7 @@

      allowedUDPPorts = [
        51820 # WireGuard
+        53 # DNS
      ];

      # Internal ports
@ -68,9 +69,6 @@
        # Allow established connections
        iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

-        # Block WAN access to internal services
-        iptables -I INPUT -i enp39s0 ! -s 192.168.0.0/16 -j DROP
-
        # Allow internal network traffic
        iptables -A INPUT -i docker0 -j ACCEPT
        iptables -A INPUT -i tailscale0 -j ACCEPT