summaryrefslogtreecommitdiff
path: root/modules/system/networking/firewall.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/system/networking/firewall.nix')
-rw-r--r--modules/system/networking/firewall.nix17
1 files changed, 10 insertions, 7 deletions
diff --git a/modules/system/networking/firewall.nix b/modules/system/networking/firewall.nix
index 569089c..39c5b03 100644
--- a/modules/system/networking/firewall.nix
+++ b/modules/system/networking/firewall.nix
@@ -1,12 +1,15 @@
+{ lib, ... }:
+let
+ inherit (lib) mkForce;
+in
{
networking.firewall = {
enable = true;
- allowedUDPPorts = [ 53 ];
- allowPing = false;
-
- allowedTCPPorts = [
- 80
- 443
- ];
+ allowedUDPPorts = mkForce [ ];
+ allowedTCPPorts = mkForce [ ];
+ allowPing = mkForce false;
+ logReversePathDrops = true;
+ logRefusedConnections = false;
+ checkReversePath = mkForce false;
};
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-11 07:59:48 +0000