author | Kjetil Orbekk <kj@orbekk.com> | 2021-03-08 17:39:28 -0500 |
---|---|---|
committer | Kjetil Orbekk <kj@orbekk.com> | 2021-03-08 17:39:28 -0500 |
commit | f605c9c843c5033e325931ed2dc3664e0cbcbf5d (patch) | |
tree | b87b74d5894f276fa9b13a60b7f22392701d7503 /modules/simple-firewall.nix | |
parent | 3138a1b27624be2d6afce53fc41ca9406b4b2168 (diff) |
Disable jack audio on firelink
Diffstat (limited to 'modules/simple-firewall.nix')
-rw-r--r-- | modules/simple-firewall.nix | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/modules/simple-firewall.nix b/modules/simple-firewall.nix
index 2585a5d..f2b4405 100644
--- a/modules/simple-firewall.nix
+++ b/modules/simple-firewall.nix
@@ -24,6 +24,7 @@ in
 config = lib.mkIf cfg.enable {
 networking.firewall.enable = lib.mkForce false;
+ boot.blacklistedKernelModules = ["ip_tables"];
 networking.nftables.enable = true;
 networking.nftables.ruleset =
@@ -51,13 +52,13 @@ in
 ct state {established, related} accept
- ip protocol icmp limit rate 4/second counter accept
- ip6 nexthdr ipv6-icmp limit rate 4/second counter accept
+ ip protocol icmp limit rate 4/second counter name icmp-allowed accept
+ ip6 nexthdr ipv6-icmp limit rate 4/second counter name icmp6-allowed accept
- tcp dport @allowed_tcp_ports counter accept
- udp dport @allowed_udp_ports counter accept
+ tcp dport @allowed_tcp_ports counter name tcp-allowed accept
+ udp dport @allowed_udp_ports counter name udp-allowed accept
- counter drop
+ counter name dropped drop
 }
 chain output { |
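Review bot: The new `boot.blacklistedKernelModules = ["ip_tables"];` line covers only the IPv4 legacy module, while the ruleset in the same block also filters IPv6 (`ip6 nexthdr ipv6-icmp`), so `ip6_tables` can still be loaded next to nftables; consider `boot.blacklistedKernelModules = ["ip_tables" "ip6_tables"];`. A modprobe blacklist entry generally suppresses only alias-based autoloading, so a tool that requests the module by name may still load it; if the intent is that nothing installs legacy iptables rules beside this ruleset, that is worth verifying on the host. The line carries no comment and the commit title is about jack audio, so a short comment such as `# keep legacy iptables out so nftables is the only packet filter` would record why it is here. The `config` block continues outside the hunk.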
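Review bot: The rules now reference named counters (`counter name icmp-allowed`, `icmp6-allowed`, `tcp-allowed`, `udp-allowed`, `dropped`), but the diffstat's six insertions are all accounted for by these five rule lines and the blacklist line, so this commit adds no declarations for those objects. nftables resolves `counter name` against counter objects declared in the same table, and unless they already exist in the part of the ruleset outside the hunk, the ruleset will fail to load; with `networking.firewall.enable` forced to false in the same module, that would leave the host without a packet filter. Declare each one in the table, e.g. `counter icmp-allowed { packets 0 bytes 0 }`, and check the generated file with `nft -c -f` before switching to it. The chain body starts above the hunk.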