Firejail: Difference between revisions

imported>Onny
mNo edit summary
imported>Onny
(Simplify tor instructions)
Line 69: Line 69:
};
};


networking.bridges."tornet" = {
networking = {
   interfaces = [];
  bridges."tornet".interfaces = [];
  interfaces.tornet.ipv4.addresses = [{
    address = "10.100.100.1";
    prefixLength = 24;
  }];
   firewall = {
    enable = true;
    interfaces.tornet = {
      allowedTCPPorts = [ 9040 ];
      allowedUDPPorts = [ 5353 ];
    };
    extraCommands = ''
      iptables -t nat -A PREROUTING -i tornet -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5353
      iptables -t nat -A PREROUTING -i tornet -p tcp -j DNAT --to-destination 127.0.0.1:9040
    '';
  };
};
};
networking.interfaces.tornet.ipv4.addresses = [{
  address = "10.100.100.1";
  prefixLength = 24;
}];


boot.kernel.sysctl = {
boot.kernel.sysctl = {
   "net.ipv4.conf.tornet.route_localnet" = 1;
   "net.ipv4.conf.tornet.route_localnet" = 1;
};
networking.firewall = {
  enable = true;
  extraCommands = ''
    iptables -t nat -A PREROUTING -i tornet -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5353
    iptables -t nat -A PREROUTING -i tornet -p tcp -j DNAT --to-destination 127.0.0.1:9040
    iptables -A INPUT -i tornet -p tcp --dport 9040 -j ACCEPT
    iptables -A INPUT -i tornet -p udp --dport 5353 -j ACCEPT
  '';
};
};
</syntaxhighlight>
</syntaxhighlight>
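Review bot: The new `extraCommands` only redirect IPv4 TCP and UDP/53 from `tornet` into Tor; any other traffic the sandbox emits (other UDP, ICMP, and anything over IPv6, since only `iptables` is used) is not sent to 127.0.0.1 and will reach the FORWARD chain, whose policy is not set anywhere in this hunk, so whether it is dropped or leaks out the host's uplink depends on configuration outside this page. Adding an explicit backstop in the same block, `iptables -A FORWARD -i tornet -j DROP` and `ip6tables -A FORWARD -i tornet -j DROP`, would make the "everything or nothing goes through Tor" property hold regardless of that policy. The two `-t nat -A PREROUTING` rules also have no matching `extraStopCommands`; if the NixOS firewall does not flush the nat table on reload, each restart appends a duplicate pair, so a `-D` counterpart for each rule is worth adding. The enclosing NixOS configuration attrset starts before this hunk, and the Tor `TransPort`/`DNSPort` settings these rules assume (9040 and 5353 listening on the host) are outside it as well.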