# nft list ruleset
networking.nftables = {
enable = true;
+ preCheckRuleset = ''
+ sed -i ruleset.conf \
+ -e 's/ip daddr losurdo.wg//'
+ '';
ruleset = ''
table inet filter {
chain input-intra {
}
chain output-lan {
+ tcp dport { http, https } counter accept comment "HTTP(s)"
tcp dport { ssh, 2222 } counter accept comment "SSH"
udp dport 60001-60100 counter accept comment "Mosh"
tcp dport bootps counter accept comment "DHCP"
ip daddr losurdo.wg tcp dport 9091 counter accept comment "transmission"
}
chain output-net {
- tcp dport { ssh, 2222 } counter accept comment "SSH"
+ tcp dport { ssh, 2222, 20022 } counter accept comment "SSH"
udp dport 60001-60100 counter accept comment "Mosh"
udp dport ntp skuid ${users.systemd-timesync.name} counter accept comment "NTP"
- meta l4proto { udp, tcp } skuid dnscrypt-proxy2 counter accept comment "dnscrypt-proxy2"
tcp dport { http, https } counter accept comment "HTTP"
tcp dport git counter accept comment "Git"
tcp dport imaps counter accept comment "IMAPS"
tcp dport submissions counter accept comment "SMTPS"
- tcp dport { xmpp-client, 5281 } counter accept comment "XMPP"
+ tcp dport xmpp-client counter accept comment "XMPP client"
+ tcp dport 5223 counter accept comment "XMPP client direct TLS"
+ tcp dport 5281 counter accept comment "XMPP HTTPS"
tcp dport nntps counter accept comment "NNTPS"
tcp dport 5201 counter accept comment "iperf"
}
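Review bot: The added `preCheckRuleset` strips `ip daddr losurdo.wg` before the build-time check, so the check validates a "transmission" rule in `output-lan` that accepts tcp/9091 to any destination, not the rule that is actually loaded, and the hostname stays in the live ruleset. nft resolves a hostname once, when the ruleset is loaded, and the load is atomic, so if `losurdo.wg` does not resolve at that moment the whole table presumably fails to load, and a later address change is not picked up until a reload. Consider pinning the address instead, e.g. `define losurdo_wg = <LOSURDO_WG_ADDRESS>` with `ip daddr $losurdo_wg tcp dport 9091 counter accept comment "transmission"`, which would make the sed rewrite unnecessary. If the hostname stays, add a comment on `preCheckRuleset` saying why the match is removed (presumably the name is not resolvable in the build sandbox). The ruleset string continues outside the visible lines.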