Bump

author: Fuwn <[email protected]> 2024-09-05 02:14:50 -0700
committer: Fuwn <[email protected]> 2024-09-05 02:14:50 -0700
commit: 21db2e5762854966fb735e68d001e4ab6dbbbcbf (patch)
tree: abb082f3a762b9dcddb66ece6dc5cbfcd314fb9f /modules/system/networking/firewall.nix
parent: Bump: docker (diff)
download: nixos-config-21db2e5762854966fb735e68d001e4ab6dbbbcbf.tar.xz
nixos-config-21db2e5762854966fb735e68d001e4ab6dbbbcbf.zip
1 files changed, 10 insertions, 7 deletions
diff --git a/modules/system/networking/firewall.nix b/modules/system/networking/firewall.nix
index 569089c..39c5b03 100644
--- a/modules/system/networking/firewall.nix
+++ b/modules/system/networking/firewall.nix
@@ -1,12 +1,15 @@
+{ lib, ... }:
+let
+  inherit (lib) mkForce;
+in
 {
   networking.firewall = {
     enable = true;
-    allowedUDPPorts = [ 53 ];
-    allowPing = false;
-
-    allowedTCPPorts = [
-      80
-      443
-    ];
+    allowedUDPPorts = mkForce [ ];
+    allowedTCPPorts = mkForce [ ];
+    allowPing = mkForce false;
+    logReversePathDrops = true;
+    logRefusedConnections = false;
+    checkReversePath = mkForce false;
   };
 }
author	Fuwn <[email protected]>	2024-09-05 02:14:50 -0700
committer	Fuwn <[email protected]>	2024-09-05 02:14:50 -0700
commit	21db2e5762854966fb735e68d001e4ab6dbbbcbf (patch)
tree	abb082f3a762b9dcddb66ece6dc5cbfcd314fb9f /modules/system/networking/firewall.nix
parent	Bump: docker (diff)
download	nixos-config-21db2e5762854966fb735e68d001e4ab6dbbbcbf.tar.xz nixos-config-21db2e5762854966fb735e68d001e4ab6dbbbcbf.zip