vleeuwenmenno/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adds DNS to allowedUDPPorts and removes WAN access block for internal services

Browse Source
This commit is contained in:
Menno van Leeuwen 2024-11-16 02:57:53 +01:00
parent 014badfa99
commit 08a1372f9f
Signed by: vleeuwenmenno
SSH Key Fingerprint: SHA256:OJFmjANpakwD3F2Rsws4GLtbdz1TJ5tkQF0RZmF0TRE
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/nixos/common/server.nix
View File

@ -36,6 +36,7 @@
allowedUDPPorts = [ allowedUDPPorts = [
51820 # WireGuard 51820 # WireGuard
53 # DNS
]; ];
# Internal ports # Internal ports
@ -68,9 +69,6 @@
# Allow established connections # Allow established connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Block WAN access to internal services
iptables -I INPUT -i enp39s0 ! -s 192.168.0.0/16 -j DROP
# Allow internal network traffic # Allow internal network traffic
iptables -A INPUT -i docker0 -j ACCEPT iptables -A INPUT -i docker0 -j ACCEPT
iptables -A INPUT -i tailscale0 -j ACCEPT iptables -A INPUT -i tailscale0 -j ACCEPT