Diffstat (limited to 'modules/simple-firewall.nix')
| -rw-r--r-- | modules/simple-firewall.nix | 12 | 
1 files changed, 5 insertions, 7 deletions
| diff --git a/modules/simple-firewall.nix b/modules/simple-firewall.nix
index f2b4405..7a3ad3e 100644
--- a/modules/simple-firewall.nix
+++ b/modules/simple-firewall.nix
@@ -23,8 +23,6 @@ in
   config = lib.mkIf cfg.enable {
     networking.firewall.enable = lib.mkForce false;
-
-    boot.blacklistedKernelModules = ["ip_tables"];
     networking.nftables.enable = true;
     networking.nftables.ruleset =
@@ -52,13 +50,13 @@ in
           ct state {established, related} accept
-          ip protocol icmp limit rate 4/second counter name icmp-allowed accept
-          ip6 nexthdr ipv6-icmp limit rate 4/second counter name icmp6-allowed accept
+          ip protocol icmp limit rate 4/second counter accept
+          ip6 nexthdr ipv6-icmp limit rate 4/second counter accept
-          tcp dport @allowed_tcp_ports counter name tcp-allowed accept
-          udp dport @allowed_udp_ports counter name udp-allowed accept
+          tcp dport @allowed_tcp_ports counter accept
+          udp dport @allowed_udp_ports counter accept
-          counter name dropped drop
+          counter drop
         }
         chain output { | 
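Review bot: Dropping `boot.blacklistedKernelModules = ["ip_tables"];` lets the legacy iptables backend load again next to nftables; the NixOS firewall itself stays off through `lib.mkForce false`, but any other service that pulls in iptables would then install rules that `nft list ruleset` does not show, which makes the host's effective policy harder to audit. If that is the intent, a one-line comment beside `networking.firewall.enable`, e.g. `# ip_tables deliberately not blacklisted: <reason>`, would record why the single-backend guarantee was given up; otherwise the blacklist seems worth keeping. The enclosing `config` attribute set continues past the hunk.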
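Review bot: Replacing the named counters (`icmp-allowed`, `icmp6-allowed`, `tcp-allowed`, `udp-allowed`, `dropped`) with bare `counter` removes their stable identifiers, so they can no longer be read with `nft list counter ...` or scraped by name and are only visible inline in the rule listing; anything that monitored those names will silently stop reporting. If the names were removed because the matching `counter <name> { }` objects were never declared in the table (not visible in this diff), declaring them would keep the ruleset loadable while preserving per-rule accounting. The final `counter drop` is the rule where a named counter, or a `log prefix "..."` before the drop, gives the cheapest signal that traffic is being rejected, so that one in particular seems worth keeping addressable. The `chain input` block containing these rules starts outside the hunk.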
