nicks-nix-config/hosts/Alaska/modules/firewall.nix

{ config, pkgs, ...}:

let
in
{
  networking.firewall = {
      enable = true;
      allowedTCPPorts = [80 443 5432];

      extraCommands = with pkgs.lib; ''
        # ${pkgs.nftables}/bin/nft -f - <<EOF

        # EOF
        # Already handled by tailscale in ts-input
        # ${pkgs.nftables}/bin/nft insert rule filter nixos-fw ip saddr 100.64.0.0-100.64.255.255 iifname "enp2s0" counter jump nixos-fw-log-refuse
      '';
  };
}
moved firewall to dedicated file 2024-01-11 18:19:01 -08:00			`{ config, pkgs, ...}:`

			`let`
			`in`
			`{`
			`networking.firewall = {`
			`enable = true;`
			`allowedTCPPorts = [80 443 5432];`

			`extraCommands = with pkgs.lib; ''`
			`# ${pkgs.nftables}/bin/nft -f - <<EOF`

			`# EOF`
firewall changes 2024-01-11 18:42:13 -08:00			`# Already handled by tailscale in ts-input`
			`# ${pkgs.nftables}/bin/nft insert rule filter nixos-fw ip saddr 100.64.0.0-100.64.255.255 iifname "enp2s0" counter jump nixos-fw-log-refuse`
moved firewall to dedicated file 2024-01-11 18:19:01 -08:00			`'';`
firewall changes 2024-01-11 18:42:13 -08:00			`};`
moved firewall to dedicated file 2024-01-11 18:19:01 -08:00			`}`