provisioning tool for building opinionated architecture
 
 


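# Host input firewall, rendered from a Jinja2 template (env.* come from the
# provisioning tool). The table family is `inet`, so every rule applies to
# IPv4 and IPv6 traffic alike and the drop policy covers both families.
table inet firewall {
    chain input {
        type filter hook input priority 0; policy drop;
        # packets conntrack cannot classify are dropped before anything is accepted
        ct state invalid drop
        # established/related connections
        ct state established,related accept
        # loopback + lxdbr0 interface
        # NOTE: accepting all input from lxdbr0 exposes every host service to the
        # containers on that bridge, not only the ports listed further down
        iifname lo accept
        iifname lxdbr0 accept
        # icmp (IPv4 only; `icmp` does not match ICMPv6)
        icmp type echo-request accept
        # icmpv6: neighbour/router discovery must pass under policy drop, or
        # IPv6 address configuration and link-local reachability break
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert, echo-request } accept
        # allow SSH + GITEA + NGINX
        tcp dport {22, 2222, 80, 443} accept
        {%- if env.target == 'dev' %}
        {%- if env.desktop == 'true' %}
        # DESKTOP RULES BELOW (dev targets only)
        # -------------------
        # allow mDNS
        udp dport mdns accept
        {%- if env.samba == 'true' %}
        # allow SAMBA
        udp dport netbios-ns accept comment "Accept NetBIOS Name Service (nmbd)"
        udp dport netbios-dgm accept comment "Accept NetBIOS Datagram Service (nmbd)"
        tcp dport netbios-ssn accept comment "Accept NetBIOS Session Service (smbd)"
        tcp dport microsoft-ds accept comment "Accept Microsoft Directory Service (smbd)"
        {%- endif %}
        {%- if env.transmission_daemon == 'true' %}
        # allow TRANSMISSION-REMOTE
        tcp dport 9091 accept comment "Accept Transmission Remote Service"
        {%- endif %}
        {%- endif %}
        {%- endif %}
    }
}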