nixos-configuration/hosts/pi4/security/firewall.nix

{
  networking = {
    firewall = {
      enable = true;
      trustedInterfaces = [ "tailscale0" ];
      extraInputRules =
        let
          localIPv4Range = "192.168.10.0/24";
        in
        ''
          ip saddr ${localIPv4Range} tcp dport 22 accept
          ip saddr ${localIPv4Range} udp dport 22 accept
        '';
    };
    nftables.enable = true;
  };
}
:sparkles: [pi4] Nftables firewall config, moved security.nix to security dir 2025-04-16 21:09:17 +00:00			`{`
			`networking = {`
			`firewall = {`
			`enable = true;`
			`trustedInterfaces = [ "tailscale0" ];`
			`extraInputRules =`
			`let`
			`localIPv4Range = "192.168.10.0/24";`
			`in`
			`''`
			`ip saddr ${localIPv4Range} tcp dport 22 accept`
			`ip saddr ${localIPv4Range} udp dport 22 accept`
			`'';`
			`};`
			`nftables.enable = true;`
			`};`
			`}`