diff options
| author | Kjetil Orbekk <kj@orbekk.com> | 2021-03-08 19:57:51 -0500 |
|---|---|---|
| committer | Kjetil Orbekk <kj@orbekk.com> | 2021-03-08 19:57:51 -0500 |
| commit | ff7006318cd00a9b059927edd10e772c7e854dd2 (patch) | |
| tree | 5da14b2082ed6138beeffef935fe0e00d0c0cd85 /modules/simple-firewall.nix | |
| parent | 70b4fd29a6ea366bcdc70b40dd1dfd7f8501b48f (diff) | |
mullvad setup
Diffstat (limited to 'modules/simple-firewall.nix')
| -rw-r--r-- | modules/simple-firewall.nix | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/modules/simple-firewall.nix b/modules/simple-firewall.nix index f2b4405..7a3ad3e 100644 --- a/modules/simple-firewall.nix +++ b/modules/simple-firewall.nix @@ -23,8 +23,6 @@ in config = lib.mkIf cfg.enable { networking.firewall.enable = lib.mkForce false; - - boot.blacklistedKernelModules = ["ip_tables"]; networking.nftables.enable = true; networking.nftables.ruleset = @@ -52,13 +50,13 @@ in ct state {established, related} accept - ip protocol icmp limit rate 4/second counter name icmp-allowed accept - ip6 nexthdr ipv6-icmp limit rate 4/second counter name icmp6-allowed accept + ip protocol icmp limit rate 4/second counter accept + ip6 nexthdr ipv6-icmp limit rate 4/second counter accept - tcp dport @allowed_tcp_ports counter name tcp-allowed accept - udp dport @allowed_udp_ports counter name udp-allowed accept + tcp dport @allowed_tcp_ports counter accept + udp dport @allowed_udp_ports counter accept - counter name dropped drop + counter drop } chain output { |