From 150adc5f92cf33dd0e7acab45873483e4b9ba0c3 Mon Sep 17 00:00:00 2001
From: albert <albert@sysctl.io>
Date: Sun, 9 Mar 2025 09:56:37 -0700
Subject: [PATCH] Update frankfurt firewall rules

---
 nixos/hosts/frankfurt-linode-01/firewall.nix | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/nixos/hosts/frankfurt-linode-01/firewall.nix b/nixos/hosts/frankfurt-linode-01/firewall.nix
index 3b083cfc..982a444e 100644
--- a/nixos/hosts/frankfurt-linode-01/firewall.nix
+++ b/nixos/hosts/frankfurt-linode-01/firewall.nix
@@ -6,7 +6,7 @@
     80 # HTTP
     443 # HTTPS
     42420 # Vintage Story
-    25565 # Minecraft
+    # 25565 # Minecraft
     25 # Mailserver
     143 # Mailserver
     465 # Mailserver
@@ -17,20 +17,21 @@
   ];
   allowedUDPPorts = [
     10000 # Jitsi Meet (udp)
-    15636 # Enshrouded - Game
-    15637 # Enshrouded - Query Port
+    # 15636 # Enshrouded - Game
+    # 15637 # Enshrouded - Query Port
   ];
 };
 nftables = {
   enable = true;
+  # NOTE: If these need to be re-enabled, move them to the PREROUTING chain below
+  # iifname "enp0s4" udp dport 15636 dnat to 10.100.1.2:15636;
+  # iifname "enp0s4" udp dport 15637 dnat to 10.100.1.2:15637;
   ruleset = ''
     table ip nat {
       chain PREROUTING {
         type nat hook prerouting priority dstnat; policy accept;
         iifname "enp0s4" udp dport 10000 dnat to 10.100.0.2:10000;
-        iifname "enp0s4" udp dport 15636 dnat to 10.100.1.2:15636;
-        iifname "enp0s4" udp dport 15637 dnat to 10.100.1.2:15637;
       }
     }
   '';
@@ -42,8 +43,8 @@
   externalInterface = "wireguard0";
   forwardPorts = [
     { sourcePort = 10000; proto = "udp"; destination = "10.100.0.2:10000"; }
-    { sourcePort = 15636; proto = "udp"; destination = "10.100.1.2:15636"; }
-    { sourcePort = 15637; proto = "udp"; destination = "10.100.1.2:15637"; }
+    # { sourcePort = 15636; proto = "udp"; destination = "10.100.1.2:15636"; }
+    # { sourcePort = 15637; proto = "udp"; destination = "10.100.1.2:15637"; }
   ];
 };
 };
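Review bot: The NOTE added above `ruleset` in the second hunk understates what re-enabling the Enshrouded forward requires: the same port pair is now commented out in three places that must stay in sync — `allowedUDPPorts` in that hunk, the dnat lines inside the `ruleset` PREROUTING chain, and `forwardPorts` in the third hunk — and restoring only the nft dnat lines would translate traffic the host firewall never accepts (or, the other way round, open the port with nothing forwarding it). Suggest rewording to `# NOTE: re-enabling Enshrouded (udp 15636/15637) needs all three: allowedUDPPorts above, the dnat lines inside ruleset's PREROUTING chain, and nat.forwardPorts below`. Leaving dead rules commented out in three spots is also a drift risk for a host-exposure file; since git history already preserves the exact lines, deleting them outright (as the first hunk could do for 25565 too) is the cleaner option. The enclosing `networking` attrset begins before the first hunk.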