modules/system/networking/firewall.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

{ lib, ... }:
let
  inherit (lib) mkForce;
in
{
  networking.firewall = {
    enable = true;
    allowedUDPPorts = mkForce [ ];
    allowedTCPPorts = mkForce [ ];
    allowPing = mkForce false;
    logReversePathDrops = true;
    logRefusedConnections = false;
    checkReversePath = mkForce false;
  };
}