update firewalls for Rust
parent
ff317fcec6
commit
88804e78f7
3 changed files with 44 additions and 20 deletions
nixos/hosts
|
@ -10,25 +10,26 @@
|
|||
interfaces = {
|
||||
wireguard0 = {
|
||||
allowedTCPPorts = [
|
||||
# 53 # DNS
|
||||
80 # HTTP
|
||||
443 # HTTPS
|
||||
1443 # Headscale DERP (tcp)
|
||||
25 # Mailserver
|
||||
143 # Mailserver
|
||||
465 # Mailserver
|
||||
587 # Mailserver
|
||||
993 # Mailserver
|
||||
4190 # Mailserver
|
||||
4443 # Jitsi
|
||||
# Games
|
||||
28015 # Rust
|
||||
28016 # Rust
|
||||
42420 # Vintage Story
|
||||
25565 # Minecraft
|
||||
1443 # Headscale DERP (tcp)
|
||||
25 # Mailserver
|
||||
143 # Mailserver
|
||||
465 # Mailserver
|
||||
587 # Mailserver
|
||||
993 # Mailserver
|
||||
4190 # Mailserver
|
||||
4443 # Jitsi
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
# 53 # DNS (udp)
|
||||
28015 # Rust
|
||||
28016 # Rust
|
||||
10000 # Jitsi Meet (udp)
|
||||
# 15636 # Enshrouded - Game
|
||||
# 15637 # Enshrouded - Query Port
|
||||
];
|
||||
};
|
||||
};
|
||||
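Review bot: The Rust ports opened on `wireguard0` here, 28015 and 28016 in both `allowedTCPPorts` and `allowedUDPPorts`, do not match the ports the rest of the commit forwards: the nftables `dnat` rules, the `forwardPorts` entries and the haproxy `bind` lines in the second file all use 20815 and 20816, while that file's own allow-lists again say 28015/28016. One spelling looks like a digit transposition; as written the firewall admits traffic on ports nothing is forwarded from, and the ports that are forwarded are missing from the allow-list. Pick one pair and use it everywhere, e.g. `bind :28015` / `bind :28016` and `udp dport 28015 dnat to …:28015`. The page labels 28016 only as "Rust"; if it is the server's remote-console port, consider whether it needs to be reachable on this interface at all and say so in the comment, e.g. `28016 # Rust RCON (admin), restrict by source`.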
|
|
|
@ -5,8 +5,6 @@
|
|||
allowedTCPPorts = [
|
||||
80 # HTTP
|
||||
443 # HTTPS
|
||||
42420 # Vintage Story
|
||||
25565 # Minecraft
|
||||
25 # Mailserver
|
||||
143 # Mailserver
|
||||
465 # Mailserver
|
||||
|
@ -14,11 +12,18 @@
|
|||
993 # Mailserver
|
||||
4190 # Mailserver
|
||||
4443 # Jitsi
|
||||
# Games
|
||||
28015 # Rust
|
||||
28016 # Rust
|
||||
42420 # Vintage Story
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
# Games
|
||||
28015 # Rust
|
||||
28016 # Rust
|
||||
# 15636 # Enshrouded - Game
|
||||
# 15637 # Enshrouded - Query Port
|
||||
10000 # Jitsi Meet (udp)
|
||||
15636 # Enshrouded - Game
|
||||
15637 # Enshrouded - Query Port
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -31,6 +36,8 @@
|
|||
iifname "enp0s4" udp dport 10000 dnat to 10.100.0.2:10000;
|
||||
iifname "enp0s4" udp dport 15636 dnat to 10.100.1.2:15636;
|
||||
iifname "enp0s4" udp dport 15637 dnat to 10.100.1.2:15637;
|
||||
iifname "enp0s4" udp dport 20815 dnat to 10.100.1.3:20815;
|
||||
iifname "enp0s4" udp dport 20816 dnat to 10.100.1.3:20816;
|
||||
}
|
||||
}
|
||||
'';
|
||||
|
@ -41,9 +48,11 @@
|
|||
internalInterfaces = [ "enp0s4" ];
|
||||
externalInterface = "wireguard0";
|
||||
forwardPorts = [
|
||||
{ sourcePort = 10000; proto = "udp"; destination = "10.100.0.2:10000"; }
|
||||
{ sourcePort = 15636; proto = "udp"; destination = "10.100.1.2:15636"; }
|
||||
{ sourcePort = 15637; proto = "udp"; destination = "10.100.1.2:15637"; }
|
||||
{ sourcePort = 10000; proto = "udp"; destination = "10.100.0.2:10000"; } # Jitsi Meet
|
||||
{ sourcePort = 15636; proto = "udp"; destination = "10.100.1.2:15636"; } # Enshrouded
|
||||
{ sourcePort = 15637; proto = "udp"; destination = "10.100.1.2:15637"; } # Enshrouded
|
||||
{ sourcePort = 20815; proto = "udp"; destination = "10.100.1.3:20816"; } # Rust
|
||||
{ sourcePort = 20816; proto = "udp"; destination = "10.100.1.3:20816"; } # Rust
|
||||
];
|
||||
};
|
||||
};
|
||||
|
@ -79,7 +88,6 @@
|
|||
|
||||
frontend tcp
|
||||
mode tcp
|
||||
bind :25565
|
||||
bind :4443
|
||||
bind :443
|
||||
|
||||
|
@ -111,6 +119,15 @@
|
|||
backend backend_vintage-story
|
||||
mode tcp
|
||||
server vintage-story-wg 10.100.1.5
|
||||
|
||||
frontend rust
|
||||
mode tcp
|
||||
bind :20815
|
||||
bind :20816
|
||||
default_backend backend_rust
|
||||
backend backend_rust
|
||||
mdoe tcp
|
||||
server rust-wg 1.100.1.6
|
||||
'';
|
||||
};
|
||||
|
||||
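Review bot: The new haproxy backend points outside the tunnel: `server rust-wg 1.100.1.6` is a publicly routable address, while the peer added in this commit is `10.100.1.6/32`, so TCP connections accepted on the `rust` frontend would be relayed to an unrelated host; it presumably should read `server rust-wg 10.100.1.6`. The line above it is misspelled, `mdoe tcp` instead of `mode tcp`, which haproxy should reject as an unknown keyword when it parses the config. In `forwardPorts`, the first Rust entry maps `sourcePort = 20815` to `destination = "10.100.1.3:20816"`, whereas the matching nftables rule sends 20815 to port 20815; presumably `"10.100.1.3:20815"` was intended. The haproxy and nat blocks start outside the visible hunks, so other settings that might mask these lines cannot be ruled out from here.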
|
|
|
@ -70,6 +70,12 @@
|
|||
allowedIPs = [ "10.100.1.5/32" ];
|
||||
persistentKeepalive = 5;
|
||||
}
|
||||
{ # framework-server docker:wg-rust
|
||||
publicKey = "7gf8FOgvly6yDDszQD49AxcXWywiivY0UoZdpkHbzjA=";
|
||||
presharedKeyFile = "/run/secrets/preshared_key";
|
||||
allowedIPs = [ "10.100.1.6/32" ];
|
||||
persistentKeepalive = 5;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
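Review bot: The peer added here is given `allowedIPs = [ "10.100.1.6/32" ]`, but the UDP `dnat` rules and `forwardPorts` entries added for Rust in the same commit target `10.100.1.3`, which is not this peer. If 10.100.1.3 is a different peer defined outside this hunk, Rust UDP traffic will be delivered to it rather than to `wg-rust`; if it is a typo, the forwards should use `10.100.1.6`. Separately, `presharedKeyFile = "/run/secrets/preshared_key"` has a generic name; if other peers read the same file, a per-peer secret would limit what one compromised container exposes, and a comment such as `# PSK unique to wg-rust` would document that. The peer list starts outside the hunk, so neither point can be confirmed from the visible lines.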
|
|