From e53f70e680eab3fdd1ca742e2fff322cdde6b6cb Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 27 Apr 2019 11:34:17 +0200 Subject: [PATCH] firewall: limitation NFS et Slimserver au LAN --- systems/LoutreOS/configuration.nix | 21 +++++++++++++++------ systems/LoutreOS/services.nix | 4 ---- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 8923f96..dc2d3f2 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -83,6 +83,21 @@ in internalInterfaces = [ "eno2" ]; }; + firewall = { + allowedTCPPorts = [ ]; + allowedUDPPorts = [ ]; + interfaces.eno2 = { + allowedTCPPorts = [ + 111 2049 4000 4001 4002 # NFS + 3483 9000 9090 # Slimserver + ]; + allowedUDPPorts = [ + 111 2049 4000 4001 4002 # NFS + 3483 # Slimserver + ]; + }; + enable = true; + }; }; services.dhcpd4 = { @@ -108,12 +123,6 @@ in passwordAuthentication = false; }; - networking.firewall = { - allowedTCPPorts = [ ]; - allowedUDPPorts = [ ]; - enable = true; - }; - security.sudo.wheelNeedsPassword = false; system.stateVersion = "18.03"; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index c7138f6..4bb9249 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -436,8 +436,6 @@ in }; firewall.allowedTCPPorts = [ - 111 2049 4000 4001 4002 # NFS - 3483 9000 9090 # Slimserver 51413 # Transmission 8448 # Matrix federation 20 21 # FTP @@ -448,8 +446,6 @@ in ]; firewall.allowedUDPPorts = [ - 111 2049 4000 4001 4002 # NFS - 3483 # Slimserver 51413 # Transmission 51820 # Wireguard ];
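Review bot: The two empty top-level lists in the new `firewall` block of configuration.nix, `allowedTCPPorts = [ ];` and `allowedUDPPorts = [ ];`, read as if no port is open on all interfaces. But services.nix in this same patch still declares globally open ports (Transmission, Matrix federation, FTP, Wireguard), apparently for the same `networking.firewall` options, and NixOS concatenates list definitions of one option across modules. I would drop the two empty lists or add a comment such as `# ports open on every interface are declared in services.nix (list definitions merge)`, so that someone auditing the exposed surface does not stop at this file. The `interfaces.eno2` rule also only covers NFS if 4000-4002 are the ports the NFS helper daemons are pinned to, which this hunk does not show, so a short comment naming where they are fixed would help. The enclosing attribute set starts before the hunk.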