nixos-configuration/hosts/pi4/security/firewall.nix

{
  networking = {
    firewall = {
      enable = true;
      allowedTCPPorts = [
        80
        443
      ];
      trustedInterfaces = [ "tailscale0" ];
      extraInputRules =
        let
          localIPv4Range = "192.168.10.0/24";
        in
        ''
          ip saddr ${localIPv4Range} accept
        '';
    };
    nftables.enable = true;
  };
}
:sparkles: [pi4] Nftables firewall config, moved security.nix to security dir 2025-04-16 21:09:17 +00:00			`{`
			`networking = {`
			`firewall = {`
			`enable = true;`
:sparkles: [pi4] Added initial caddy config based on homelab 2025-05-13 21:31:29 +02:00			`allowedTCPPorts = [`
			`80`
			`443`
			`];`
:sparkles: [pi4] Nftables firewall config, moved security.nix to security dir 2025-04-16 21:09:17 +00:00			`trustedInterfaces = [ "tailscale0" ];`
			`extraInputRules =`
			`let`
			`localIPv4Range = "192.168.10.0/24";`
			`in`
			`''`
:technologist: [pi4] Allow all traffic from local network 2025-05-31 15:38:42 +00:00			`ip saddr ${localIPv4Range} accept`
:sparkles: [pi4] Nftables firewall config, moved security.nix to security dir 2025-04-16 21:09:17 +00:00			`'';`
			`};`
			`nftables.enable = true;`
			`};`
			`}`