leonetienne/stormwind-nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

natting for mqtt

Browse Source
This commit is contained in:
RootHost-Stormwind
2025-08-05 10:39:28 +02:00
parent 8c19d07766
commit 1f930f6e1d
1 changed files with 37 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
networking.nix
View File

@@ -7,7 +7,7 @@
firewall = { firewall = {
allowedTCPPorts = [ 80 443 8123 20 21 22 2223 990 989 445 111 2049 32765 32768 20048 ]; allowedTCPPorts = [ 80 443 8123 1883 8883 9001 20 21 22 2223 990 989 445 111 2049 32765 32768 20048 ];
allowedUDPPorts = [ 111 2049 20048 32765 32768 ]; allowedUDPPorts = [ 111 2049 20048 32765 32768 ];
trustedInterfaces = [ "incusbr0" ]; trustedInterfaces = [ "incusbr0" ];
}; };
@@ -28,6 +28,26 @@
iifname "enp4s0" oifname "incusbr0" tcp dport 8123 ct state new,established accept iifname "enp4s0" oifname "incusbr0" tcp dport 8123 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 80 ct state new,established accept iifname "enp4s0" oifname "incusbr0" tcp dport 80 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 443 ct state new,established accept iifname "enp4s0" oifname "incusbr0" tcp dport 443 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 1883 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 8883 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 9001 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 20 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 21 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 22 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 2223 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 990 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 989 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 445 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 111 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" udp dport 111 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 2049 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" udp dport 2049 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 32765 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" udp dport 32765 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 32768 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" udp dport 32768 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" tcp dport 20048 ct state new,established accept
iifname "enp4s0" oifname "incusbr0" udp dport 20048 ct state new,established accept
} }
} }
''; '';
@@ -76,6 +96,22 @@
proto = "tcp"; proto = "tcp";
destination = "10.46.32.2:443"; destination = "10.46.32.2:443";
} }
# MQTT
{
sourcePort = 1883;
proto = "tcp";
destination = "10.46.32.153:1883";
}
{
sourcePort = 8883;
proto = "tcp";
destination = "10.46.32.153:8883";
}
{
sourcePort = 9001;
proto = "tcp";
destination = "10.46.32.153:9001";
}
# FTP # FTP
{ {
sourcePort = 20; sourcePort = 20;
@@ -107,11 +143,6 @@
proto = "tcp"; proto = "tcp";
destination = "10.46.32.2:989"; destination = "10.46.32.2:989";
} }
{
sourcePort = 21;
proto = "tcp";
destination = "10.46.32.2:21";
}
# SMB # SMB
{ {
sourcePort = 445; sourcePort = 445;