Firewall: Difference between revisions

From NixOS Wiki
imported>Onny
Note about opening firewall ports through service option
imported>Onny
No edit summary

Revision as of 13:28, 23 June 2022

NixOS provides an interface to configure the nftables-based firewall through the option networking.firewall.

Enable

To enable the firewall, put the following code into your system configuration:

/etc/nixos/configuration.nix
networking.firewall.enable = true;

This will make all local ports and services unreachable from external connections.

Configuration

To allow specific TCP/UDP ports or port ranges on all interfaces, use the following syntax:

networking.firewall = {
  enable = true;
  allowedTCPPorts = [ 80 443 ];
  allowedUDPPortRanges = [
    { from = 4000; to = 4007; }
    { from = 8000; to = 8010; }
  ];
};
Note: Many services also provide an option to open the firewall ports they require automatically. For example, the media server Jellyfin offers the option services.jellyfin.openFirewall = true;, which opens the TCP ports it needs.

Interface-specific firewall rules can be applied like this:

networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];

In this case, ports 80 and 443 will be allowed for the interface eth0.
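The following is an added example (not from the wiki page itself) that combines the options above into one configuration.nix fragment: a global allow list, per-interface rules, a trusted interface and logging of refused packets. The interface names eth0, wg0 and br-containers and the chosen ports are assumptions for illustration.

```nix
{ config, pkgs, ... }:

{
  networking.firewall = {
    enable = true;

    # Reachable on every interface: HTTPS only.
    allowedTCPPorts = [ 443 ];

    # SSH is reachable only via the LAN-facing interface (name assumed).
    interfaces."eth0".allowedTCPPorts = [ 22 ];

    # Peers on the VPN interface (name assumed) may reach a UDP port range.
    interfaces."wg0".allowedUDPPortRanges = [
      { from = 4000; to = 4007; }
    ];

    # Everything arriving on a trusted interface is accepted without
    # filtering; use this only for interfaces that never carry untrusted
    # traffic (here an assumed container bridge).
    trustedInterfaces = [ "br-containers" ];

    # Log packets the firewall rejects, so probes against closed ports
    # show up in the kernel log (journalctl -k).
    logRefusedConnections = true;
  };

  # Jellyfin adds the ports it needs to the global allow list itself,
  # so they are reachable on all interfaces, not just eth0.
  services.jellyfin = {
    enable = true;
    openFirewall = true;
  };
}
```

After `nixos-rebuild switch`, ports opened through a service's openFirewall option land in the global allow list, so check the resulting rule set rather than only the ports you listed by hand.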