Firewall

From NixOS Wiki
Revision as of 13:26, 23 June 2022 by imported>Onny (Note about opening firewall ports through service option)

NixOS provides an interface to configure the nftables-based firewall through the option networking.firewall.

Enable

To enable the firewall, put the following code into your system configuration:

/etc/nixos/configuration.nix
networking.firewall.enable = true;

With the firewall enabled, incoming connections from external hosts to all local ports and services are blocked by default.

Configuration

To allow specific TCP/UDP ports or port ranges on all interfaces, use the following syntax:

networking.firewall = {
  enable = true;
  allowedTCPPorts = [ 80 443 ];
  allowedUDPPortRanges = [
    { from = 4000; to = 4007; }
    { from = 8000; to = 8010; }
  ];
};
Note: Many services also provide an option to open the firewall ports they require automatically, for example by setting services.jellyfin.openFirewall = true;.

Interface-specific firewall rules can be applied like this:

networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];

In this case, ports 80 and 443 are allowed only on the interface eth0; other interfaces are not affected.
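The following configuration is an added example, not part of the wiki page, combining the options above so that each interface exposes only what it needs. It assumes an internet-facing interface named wan0 and a trusted LAN interface named lan0, and the ports 9100 and 5000-5010 are constructed sample values.

```nix
# Added example: least exposure per interface.
# Assumes two interfaces, wan0 (internet-facing) and lan0 (trusted LAN);
# adjust the names to your host (see `ip link`).
{ config, pkgs, ... }:

{
  networking.firewall = {
    enable = true;

    # Reachable on every interface: public web traffic only.
    allowedTCPPorts = [ 80 443 ];

    # Reachable only from the trusted LAN: SSH plus a constructed
    # metrics port and UDP range. Ports listed here are not opened on wan0.
    interfaces."lan0" = {
      allowedTCPPorts = [ 22 9100 ];
      allowedUDPPortRanges = [ { from = 5000; to = 5010; } ];
    };
  };

  # A service's openFirewall option opens its ports on all interfaces,
  # so use it only when that exposure is intended.
  services.jellyfin = {
    enable = true;
    openFirewall = true;
  };

  # OpenSSH opens port 22 on all interfaces by default (openFirewall = true);
  # disable that so the LAN-only rule above is the only one that applies.
  services.openssh = {
    enable = true;
    openFirewall = false;
  };
}
```

After switching to this configuration, confirm the effective rule set on the host before relying on it, since a service's openFirewall option can widen exposure beyond the interface-specific lists.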