From 21db2e5762854966fb735e68d001e4ab6dbbbcbf Mon Sep 17 00:00:00 2001
From: Fuwn
Date: Thu, 5 Sep 2024 02:14:50 -0700
Subject: Bump
---
 modules/system/networking/firewall.nix | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
(limited to 'modules/system/networking/firewall.nix')
diff --git a/modules/system/networking/firewall.nix b/modules/system/networking/firewall.nix
index 569089c..39c5b03 100644
--- a/modules/system/networking/firewall.nix
+++ b/modules/system/networking/firewall.nix
@@ -1,12 +1,15 @@
+{ lib, ... }:
+let
+ inherit (lib) mkForce;
+in
 {
 networking.firewall = {
 enable = true;
- allowedUDPPorts = [ 53 ];
- allowPing = false;
-
- allowedTCPPorts = [
- 80
- 443
- ];
+ allowedUDPPorts = mkForce [ ];
+ allowedTCPPorts = mkForce [ ];
+ allowPing = mkForce false;
+ logReversePathDrops = true;
+ logRefusedConnections = false;
+ checkReversePath = mkForce false;
 };
 }
--
cgit v1.2.3
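Review bot: `checkReversePath = mkForce false;` turns off the firewall's reverse-path filter, so the `logReversePathDrops = true;` added two lines above it has nothing left to log, and packets with a spoofed source address are no longer dropped at this layer. If strict filtering was breaking a multi-homed or VPN setup (the reason is not visible in this hunk), `checkReversePath = mkForce "loose";` would keep both the check and the logging useful; otherwise the `logReversePathDrops` line can go. The `mkForce [ ]` port lists also discard any ports that other modules add to `allowedTCPPorts`/`allowedUDPPorts`, so a comment such as `# mkForce: deliberately discard ports opened by other modules` would record that this is intended.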