firewall: limitation NFS et Slimserver au LAN

2019-04-27 11:34:17 +02:00 · 2019-04-27 11:34:17 +02:00 · e53f70e680
commit e53f70e680
parent ef0a6f3cc9
2 changed files with 15 additions and 10 deletions
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@ -83,6 +83,21 @@ in
      internalInterfaces = [ "eno2" ];
    };

+    firewall = {
+      allowedTCPPorts = [ ];
+      allowedUDPPorts = [ ];
+      interfaces.eno2 = {
+        allowedTCPPorts = [
+          111 2049 4000 4001 4002 # NFS
+          3483 9000 9090 # Slimserver
+        ];
+        allowedUDPPorts = [
+          111 2049 4000 4001 4002 # NFS
+          3483 # Slimserver
+        ];
+      };
+      enable = true;
+    };
  };

  services.dhcpd4 = {
@ -108,12 +123,6 @@ in
    passwordAuthentication = false;
  };

-  networking.firewall = {
-    allowedTCPPorts = [ ];
-    allowedUDPPorts = [ ];
-    enable = true;
-  };
-
  security.sudo.wheelNeedsPassword = false;

  system.stateVersion = "18.03";