firewall: limitation NFS et Slimserver au LAN

2019-04-27 11:34:17 +02:00 · 2019-04-27 11:34:17 +02:00 · e53f70e680
commit e53f70e680
parent ef0a6f3cc9
2 changed files with 15 additions and 10 deletions
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@ -83,6 +83,21 @@ in
      internalInterfaces = [ "eno2" ];
    };

+    firewall = {
+      allowedTCPPorts = [ ];
+      allowedUDPPorts = [ ];
+      interfaces.eno2 = {
+        allowedTCPPorts = [
+          111 2049 4000 4001 4002 # NFS
+          3483 9000 9090 # Slimserver
+        ];
+        allowedUDPPorts = [
+          111 2049 4000 4001 4002 # NFS
+          3483 # Slimserver
+        ];
+      };
+      enable = true;
+    };
  };

  services.dhcpd4 = {
@ -108,12 +123,6 @@ in
    passwordAuthentication = false;
  };

-  networking.firewall = {
-    allowedTCPPorts = [ ];
-    allowedUDPPorts = [ ];
-    enable = true;
-  };
-
  security.sudo.wheelNeedsPassword = false;

  system.stateVersion = "18.03";
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@ -436,8 +436,6 @@ in
    };

    firewall.allowedTCPPorts = [
-      111 2049 4000 4001 4002 # NFS
-      3483 9000 9090 # Slimserver
      51413 # Transmission
      8448 # Matrix federation
      20 21 # FTP
@ -448,8 +446,6 @@ in
    ];

    firewall.allowedUDPPorts = [
-      111 2049 4000 4001 4002 # NFS
-      3483 # Slimserver
      51413 # Transmission
      51820 # Wireguard
    ];