Firewall: Difference between revisions

Line 1:

NixOS provides an interface to configure the firewall through the option <code>networking.firewall</code>.

~~Whether the~~ firewall ~~is based on~~ [https://www.~~nftables~~.org/ ~~Nftables~~] ~~or iptables depends on~~ the ~~value of~~ [https://~~github~~.~~com~~/~~NixOS/nixpkgs/blob/4bff9cd9f809b8f510a21be0c845bf37e6af148c/nixos/modules/services/networking/firewall.nix#L73~~ <code>~~config.~~networking.nftables.enable</code>].

The default firewall uses [https://www.netfilter.org/ iptables]. To use the newer [https://www.nftables.org/ nftables] instead, set <code>networking.nftables.enable = true;</code>

== Enable ==

To enable the firewall, ~~simply put~~ following ~~code~~ into your system configuration

To enable the firewall, add the following into your system configuration:

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 15:

== Configuration ==

To allow specific TCP/UDP ports or port ranges on all interfaces, ~~you can~~ use following syntax:

To allow specific TCP/UDP ports or port ranges on all interfaces, use following syntax:

Line 28:

</syntaxhighlight>

{{note|Many services also provide an option to open required firewall ports automatically. For example, the media server Jellyfin offers the option <code><nowiki>services.jellyfin.openFirewall = true;</nowiki></code> which will open required TCP ports.}}

{{note|Many services also provide an option to open the required firewall ports automatically. For example, the media server Jellyfin offers the option <code><nowiki>services.jellyfin.openFirewall = true;</nowiki></code> which will open the required TCP ports.}}

Interface specific firewall rules can be applied like this

Interface-specific firewall rules can be applied like this:

Line 40:

== Warning ==

Firewall rules may be overwritten by ~~docker~~, as per https://github.com/NixOS/nixpkgs/issues/111852

Firewall rules may be overwritten by Docker, as per https://github.com/NixOS/nixpkgs/issues/111852

@@ Line 1: / Line 1: @@
 NixOS provides an interface to configure the firewall through the option <code>networking.firewall</code>.
-Whether the firewall is based on [https://www.nftables.org/ Nftables] or iptables depends on the value of [https://github.com/NixOS/nixpkgs/blob/4bff9cd9f809b8f510a21be0c845bf37e6af148c/nixos/modules/services/networking/firewall.nix#L73  <code>config.networking.nftables.enable</code>].
+The default firewall uses [https://www.netfilter.org/ iptables]. To use the newer [https://www.nftables.org/ nftables] instead, set <code>networking.nftables.enable = true;</code>
 == Enable ==
-To enable the firewall, simply put following code into your system configuration
+To enable the firewall, add the following into your system configuration:
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 15: / Line 15: @@
 == Configuration ==
-To allow specific TCP/UDP ports or port ranges on all interfaces, you can use following syntax:
+To allow specific TCP/UDP ports or port ranges on all interfaces, use following syntax:
 <syntaxhighlight lang="nix>
@@ Line 28: / Line 28: @@
 </syntaxhighlight>
-{{note|Many services also provide an option to open required firewall ports automatically. For example, the media server Jellyfin offers the option <code><nowiki>services.jellyfin.openFirewall = true;</nowiki></code> which will open required TCP ports.}}
+{{note|Many services also provide an option to open the required firewall ports automatically. For example, the media server Jellyfin offers the option <code><nowiki>services.jellyfin.openFirewall = true;</nowiki></code> which will open the required TCP ports.}}
-Interface specific firewall rules can be applied like this
+Interface-specific firewall rules can be applied like this:
 <syntaxhighlight lang="nix>
@@ Line 40: / Line 40: @@
 == Warning ==
-Firewall rules may be overwritten by docker, as per https://github.com/NixOS/nixpkgs/issues/111852
+Firewall rules may be overwritten by Docker, as per https://github.com/NixOS/nixpkgs/issues/111852