X-Git-Url: https://git.sourcephile.fr/julm/julm-nix.git/blobdiff_plain/06994d753c26fb21f19044fdfea4c83b62cab92f..cc2fc237b1b4f6e44e8a69b0abcc7d0beafa1d2e:/hosts/oignon/networking/nftables.nix diff --git a/hosts/oignon/networking/nftables.nix b/hosts/oignon/networking/nftables.nix index 0de752f..828c519 100644 --- a/hosts/oignon/networking/nftables.nix +++ b/hosts/oignon/networking/nftables.nix @@ -12,39 +12,25 @@ in enable = true; preCheckRuleset = '' sed -i ruleset.conf \ - -e 's/ip daddr losurdo.wg//' + -e 's/ip daddr losurdo.sp//' ''; ruleset = '' table inet filter { - chain input-intra { - tcp dport { ssh, 2222 } counter accept comment "SSH" - udp dport 60001-60010 counter accept comment "Mosh" - #tcp dport 4713 counter accept comment "pulseaudio" - tcp dport 5201 counter accept comment "iperf" - } chain input-net { } chain output-lan { + tcp dport { http, https } counter accept comment "HTTP(s)" tcp dport { ssh, 2222 } counter accept comment "SSH" udp dport 60001-60100 counter accept comment "Mosh" tcp dport bootps counter accept comment "DHCP" tcp dport { 4444, 5555 } counter accept tcp dport 5201 counter accept comment "iperf" } - chain output-intra { - tcp dport { ssh, 2222 } counter accept comment "SSH" - udp dport 60001-60100 counter accept comment "Mosh" - tcp dport { http, https } counter accept comment "HTTP" - tcp dport git counter accept comment "Git" - tcp dport 5201 counter accept comment "iperf" - ip daddr losurdo.wg tcp dport 9091 counter accept comment "transmission" - } chain output-net { tcp dport { ssh, 2222, 20022 } counter accept comment "SSH" udp dport 60001-60100 counter accept comment "Mosh" udp dport ntp skuid ${users.systemd-timesync.name} counter accept comment "NTP" - meta l4proto { udp, tcp } skuid dnscrypt-proxy2 counter accept comment "dnscrypt-proxy2" tcp dport { http, https } counter accept comment "HTTP" tcp dport git counter accept comment "Git" tcp dport imaps counter accept comment "IMAPS" 
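Review bot: The `preCheckRuleset` sed expression is renamed to strip `ip daddr losurdo.sp`, but the only host match visible in this hunk, `ip daddr losurdo.wg tcp dport 9091` in `output-intra`, is deleted by the same change, so on the visible lines the substitution matches nothing. If no rule outside the hunk uses `ip daddr losurdo.sp`, the `-e` expression can be dropped; if one does, a shell comment above the `sed` such as `# strip hostname matches: names do not resolve during the build-time ruleset check` would document it (presumably that is its purpose). Any rule rewritten this way is checked in a different form from the one that is loaded, and its hostname is resolved only at load time, so a literal address would be both checkable and independent of name resolution. The ruleset string begins and ends outside this hunk.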
@@ -54,6 +40,7 @@ in
 tcp dport 5281 counter accept comment "XMPP HTTPS"
 tcp dport nntps counter accept comment "NNTPS"
 tcp dport 5201 counter accept comment "iperf"
+ tcp dport 8776 counter accept comment "radicle-node"
 }
 }
 '';
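Review bot: The new `tcp dport 8776` rule in `output-net` lets every local process open outbound connections to that port, whereas the NTP rule in the same chain is limited to its service account with `skuid`. If radicle-node runs under a dedicated account on this host (not visible here), the rule could be scoped the same way, e.g. `tcp dport 8776 skuid <radicle-node-user> counter accept comment "radicle-node"`, with the placeholder replaced by that account. The chain starts outside this hunk.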