atridad/lavitz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1766694187

Browse Source
This commit is contained in:
Atridad Lahiji
2025-12-25 13:23:07 -07:00
parent a479ec48f8
commit 2ed733ebae
6 changed files with 17 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
modules/networking.nix
View File

@@ -13,35 +13,16 @@ in
networking.firewall = {
enable = true;
# Allowed ports
allowedTCPPorts = [
allowedTCPPorts = [
# Sunshine
47984 47989 48010
47984 47989 48010
];
allowedUDPPorts = [
allowedUDPPorts = [
# Sunshine
47998 47999 48000 48010
47998 47999 48000 48010
];
# Firewall
logReversePathDrops = true;
logRefusedConnections = true;
# Connection tracking
connectionTrackingModules = [];
autoLoadConntrackHelpers = false;
extraCommands = ''
iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 50 -j DROP
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
'';
extraStopCommands = ''
iptables -D INPUT -p tcp --syn -m connlimit --connlimit-above 50 -j DROP 2>/dev/null || true
iptables -D INPUT -p tcp --dport 22 -m state --state NEW -m recent --set 2>/dev/null || true
iptables -D INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP 2>/dev/null || true
'';
};
networking.nameservers = [ "1.1.1.1" "9.9.9.9" ];