# Host input firewall, rendered from a Jinja template.
# The "inet" family means this one table sees both IPv4 and IPv6 packets.
# Only an input chain is defined here; forwarded and outgoing traffic are
# not filtered by this table.
table inet firewall {

    chain input {
        # Default-deny: any inbound packet not accepted by a rule below is dropped.
        type filter hook input priority 0; policy drop;

        # established/related connections
        # Replies to connections the host (or an already accepted peer) started.
        # NOTE(review): there is no explicit "ct state invalid" rule; invalid
        # packets that match a later accept rule are still accepted.
        ct state established,related accept

        # loopback + lxdbr0 interface
        # Everything arriving on these two interfaces is accepted, on any port
        # and protocol.
        # NOTE(review): for lxdbr0 this means whatever sits on that bridge can
        # reach every service listening on the host, including ones not opened
        # to the outside below. Confirm that level of trust is intended, or
        # narrow it to the ports the bridge peers actually need.
        iifname lo accept
        iifname lxdbr0 accept

        # icmp
        # Matches IPv4 ICMP echo-request (ping) only, with no rate limit.
        # NOTE(review): no icmpv6 rule exists in this chain, so in this inet
        # table ICMPv6 falls through to the drop policy. If the host uses IPv6,
        # neighbor discovery needs an explicit accept or IPv6 reachability
        # will break; verify against the deployment.
        icmp type echo-request accept

        # allow SSH + GITEA + NGINX
        # Presumably 22 = SSH, 2222 = Gitea SSH, 80/443 = nginx; confirm against
        # the service configuration. The rule has no source restriction and no
        # rate limit, so these ports are reachable from any address, over both
        # IPv4 and IPv6.
        tcp dport {22, 2222, 80, 443} accept

        {%- if env.target == 'dev' %}
        {%- if env.desktop == 'true' %}

        # DESKTOP RULES BELOW
        # -------------------
        # Rendered only when env.target is 'dev' and env.desktop is the string
        # 'true'. None of the rules in this section restrict the source address
        # or the input interface.

        # allow mDNS
        # "mdns" is a service name resolved by nft at load time.
        udp dport mdns accept

        {%- if env.samba == 'true' %}

        # allow SAMBA
        # NetBIOS and SMB ports, accepted from any source.
        # NOTE(review): consider limiting these to the local subnet or to a
        # specific interface so file sharing is not exposed on untrusted
        # networks the desktop may join.
        udp dport netbios-ns accept comment "Accept NetBIOS Name Service (nmbd)"
        udp dport netbios-dgm accept comment "Accept NetBIOS Datagram Service (nmbd)"
        tcp dport netbios-ssn accept comment "Accept NetBIOS Session Service (smbd)"
        tcp dport microsoft-ds accept comment "Accept Microsoft Directory Service (smbd)"
        {%- endif %}

        {%- if env.transmission_daemon == 'true' %}

        # allow TRANSMISSION-REMOTE
        # Remote-control port of the Transmission daemon, accepted from any
        # source.
        # NOTE(review): this firewall does not limit who can reach the port, so
        # access control depends entirely on the daemon's own settings; confirm
        # authentication or an address allow-list is configured there.
        tcp dport 9091 accept comment "Accept Transmission Remote Service"
        {%- endif %}
        {%- endif %}
        {%- endif %}
    }

}