author | makefu <github@syntax-fehler.de> | 2015-11-10 18:53:31 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2015-11-10 18:53:31 +0100 |
commit | b394c79051fbcf6cf072f2b9af75819d37cd2426 (patch) | |
tree | 43ada8203352d038d1f9eade80e62d94563e02c6 /makefu/1systems | |
parent | 94a394539dc7876a027c5d06aa623e507d82781b (diff) |
m 1 gum:update firewall
Diffstat (limited to 'makefu/1systems')
-rw-r--r-- | makefu/1systems/gum.nix | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index a028145ce..3a010220e 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -13,18 +13,36 @@ in {
 # ../2configs/iodined.nix
 ];
+
+ krebs.build.target = "root@gum.krebsco.de";
+ krebs.build.host = config.krebs.hosts.gum;
+
+ # Hardware
 boot.loader.grub.device = "/dev/sda";
- boot.loader.grub.splashImage = null;
 boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
 boot.kernelModules = [ "kvm-intel" ];
- krebs.build.target = "root@gum.krebsco.de";
- krebs.build.host = config.krebs.hosts.gum;
+
+ # Network
 services.udev.extraRules = ''
 SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
 '';
 networking = {
- firewall.allowPing = true;
+ firewall = {
+ allowPing = true;
+ allowedTCPPorts = [
+ # smtp
+ 25
+ # http
+ 80 443
+ # tinc
+ 655
+ ];
+ allowedUDPPorts = [
+ # tinc
+ 655 53
+ ];
+ };
 interfaces.et0.ip4 = [{
 address = external-ip;
 prefixLength = 24; |
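Review bot: In `allowedUDPPorts`, port 53 is opened under the `# tinc` comment, but 53 is the DNS port and nothing in this hunk shows a service that needs it; the only DNS-related line visible is the commented-out `# ../2configs/iodined.nix` import. Put `655` under `# tinc` and give `53` its own comment naming the service that listens on it, or drop `53` until that service is actually imported. More generally, the exposed ports are hard-coded in the host file, so a port stays open after its service module is removed from `imports`; since NixOS merges list options across modules, each `2configs` module could declare its own `networking.firewall.allowedTCPPorts` / `allowedUDPPorts` next to the service it enables. The `networking` attribute set continues past the end of the hunk.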