vleeuwenmenno/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

removes DNS from allowedUDPPorts and cleans up unused iptables rules

Browse Source
This commit is contained in:
Menno van Leeuwen 2024-11-16 02:58:59 +01:00
parent 08a1372f9f
commit a242530770
Signed by: vleeuwenmenno
SSH Key Fingerprint: SHA256:OJFmjANpakwD3F2Rsws4GLtbdz1TJ5tkQF0RZmF0TRE
1 changed files with 0 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
config/nixos/common/server.nix
View File

@ -36,7 +36,6 @@
allowedUDPPorts = [ allowedUDPPorts = [
51820 # WireGuard 51820 # WireGuard
53 # DNS
]; ];
# Internal ports # Internal ports
@ -65,28 +64,6 @@
"enp39s0".allowedTCPPorts = internalPorts; "enp39s0".allowedTCPPorts = internalPorts;
}; };
extraCommands = ''
# Allow established connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow internal network traffic
iptables -A INPUT -i docker0 -j ACCEPT
iptables -A INPUT -i tailscale0 -j ACCEPT
iptables -A INPUT -s 192.168.86.0/24 -j ACCEPT
# Allow Docker inter-network communication
iptables -A FORWARD -i br-* -o br-* -j ACCEPT
iptables -A FORWARD -i docker0 -o br-* -j ACCEPT
iptables -A FORWARD -i br-* -o docker0 -j ACCEPT
# Allow Docker subnet traffic but only internally
iptables -A INPUT -s 172.16.0.0/12 -i docker0 -j ACCEPT
iptables -A INPUT -s 172.16.0.0/12 -i br-+ -j ACCEPT
# Allow Docker container communication
iptables -A DOCKER-USER -i docker0 -o docker0 -j ACCEPT
'';
# Required for Tailscale # Required for Tailscale
checkReversePath = "loose"; checkReversePath = "loose";
}; };