1 { pkgs, lib, config, hostName, ... }:
3 inherit (config.users) users;
6 networking.firewall.enable = false;
7 security.lockKernelModules = false;
8 systemd.services.disable-kernel-module-loading.after = [ "nftables.service" ];
9 # echo -e "$(nix eval hosts.aubergine.config.networking.nftables.ruleset)"
11 networking.nftables = {
16 tcp dport { ssh, 2222 } counter accept comment "SSH"
17 udp dport 60001-60010 counter accept comment "Mosh"
18 #tcp dport 4713 counter accept comment "pulseaudio"
19 tcp dport 5201 counter accept comment "iperf"
25 tcp dport { ssh, 2222 } counter accept comment "SSH"
26 udp dport 60001-60100 counter accept comment "Mosh"
27 tcp dport bootps counter accept comment "DHCP"
28 tcp dport { 4444, 5555 } counter accept
29 tcp dport 5201 counter accept comment "iperf"
32 tcp dport { ssh, 2222 } counter accept comment "SSH"
33 udp dport 60001-60100 counter accept comment "Mosh"
34 tcp dport { http, https } counter accept comment "HTTP"
35 tcp dport git counter accept comment "Git"
36 tcp dport 5201 counter accept comment "iperf"
39 tcp dport { ssh, 2222 } counter accept comment "SSH"
40 udp dport 60001-60100 counter accept comment "Mosh"
41 udp dport ntp skuid ${users.systemd-timesync.name} counter accept comment "NTP"
42 meta l4proto { udp, tcp } skuid dnscrypt-proxy2 counter accept comment "dnscrypt-proxy2"
43 tcp dport { http, https } counter accept comment "HTTP"
44 tcp dport git counter accept comment "Git"
45 tcp dport imaps counter accept comment "IMAPS"
46 tcp dport submissions counter accept comment "SMTPS"
47 tcp dport xmpp-client counter accept comment "XMPP"
48 tcp dport nntps counter accept comment "NNTPS"
49 tcp dport 5201 counter accept comment "iperf"