sourcephile / git / julm / julm-nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
nix: add PR for kernel-hardening-checker
[julm/julm-nix.git] / hosts / oignon / networking / nftables.nix
diff --git a/hosts/oignon/networking/nftables.nix b/hosts/oignon/networking/nftables.nix
index 0de752fe1fbe4c575fe8586d929cf67c7a395afe..1ec0a97b763588edfdc21b237ee2434305270921 100644 (file)
--- a/hosts/oignon/networking/nftables.nix
+++ b/hosts/oignon/networking/nftables.nix
@@ -26,6 +26,7 @@ in
         }
 
         chain output-lan {
+          tcp dport { http, https } counter accept comment "HTTP(s)"
           tcp dport { ssh, 2222 } counter accept comment "SSH"
           udp dport 60001-60100 counter accept comment "Mosh"
           tcp dport bootps counter accept comment "DHCP"
@@ -44,7 +45,6 @@ in
           tcp dport { ssh, 2222, 20022 } counter accept comment "SSH"
           udp dport 60001-60100 counter accept comment "Mosh"
           udp dport ntp skuid ${users.systemd-timesync.name} counter accept comment "NTP"
-          meta l4proto { udp, tcp } skuid dnscrypt-proxy2 counter accept comment "dnscrypt-proxy2"
           tcp dport { http, https } counter accept comment "HTTP"
           tcp dport git counter accept comment "Git"
           tcp dport imaps counter accept comment "IMAPS"
julm's NixOS and home-manager configs