diff options
author | makefu <github@syntax-fehler.de> | 2015-11-10 18:53:31 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2015-11-10 18:53:31 +0100 |
commit | 1136c6b10e3d12835ef796a031103b78d278f2c0 (patch) | |
tree | f0034654f6160f060bb06d7e6d56d0452af7f5be | |
parent | b6a8ddfec71059580f7a35e75fcff9cb6398e7d8 (diff) |
m 1 gum:update firewall
-rw-r--r-- | 1systems/gum.nix | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/1systems/gum.nix b/1systems/gum.nix index a028145ce..3a010220e 100644 --- a/1systems/gum.nix +++ b/1systems/gum.nix @@ -13,18 +13,36 @@ in { # ../2configs/iodined.nix ]; + + krebs.build.target = "root@gum.krebsco.de"; + krebs.build.host = config.krebs.hosts.gum; + + # Hardware boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.splashImage = null; boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; boot.kernelModules = [ "kvm-intel" ]; - krebs.build.target = "root@gum.krebsco.de"; - krebs.build.host = config.krebs.hosts.gum; + + # Network services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" ''; networking = { - firewall.allowPing = true; + firewall = { + allowPing = true; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + ]; + }; interfaces.et0.ip4 = [{ address = external-ip; prefixLength = 24; |