test

2023-12-07 18:37:17 +09:00 · 2023-12-07 18:37:17 +09:00 · 980beafe2d
commit 980beafe2d
parent 91324a7d60
1 changed files with 30 additions and 7 deletions
--- a/nixos/hosts/osaka-linode-01/firewall.nix
+++ b/nixos/hosts/osaka-linode-01/firewall.nix
@ -6,6 +6,12 @@
  networking.firewall.allowedTCPPorts = [
    80    # HTTP
    443   # HTTPS
    25    # SMTP  (explicit TLS => STARTTLS)
    465   # ESMTP (implicit TLS)
    587   # ESMTP (explicit TLS => STARTTLS)
    143   # IMAP4 (explicit TLS => STARTTLS)
    993   # IMAP4 (implicit TLS)
    4190  # Sieve support
    42420 # Vintage Story
    25565 # Minecraft
    1443  # Headscale DERP
@ -13,13 +19,6 @@
    5222  # Jitsi
    5347  # Jitsi
    5280  # Jitsi
    25    # Mail
    465   # Mail 
    587   # Mail 
    143   # Mail 
    993   # Mail  
    4190  # Mail
  ];
@ -39,6 +38,30 @@
    iptables -t nat -A PREROUTING  -p tcp --dport 443 -j DNAT --to-destination 10.100.0.2
    iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE
    # PORT 25  
    iptables -t nat -A PREROUTING  -p tcp --dport 25 -j DNAT --to-destination 10.100.0.2
    iptables -t nat -A POSTROUTING -p tcp --dport 25 -j MASQUERADE
    # PORT 465 
    iptables -t nat -A PREROUTING  -p tcp --dport 465 -j DNAT --to-destination 10.100.0.2
    iptables -t nat -A POSTROUTING -p tcp --dport 465 -j MASQUERADE
    # PORT 587 
    iptables -t nat -A PREROUTING  -p tcp --dport 587 -j DNAT --to-destination 10.100.0.2
    iptables -t nat -A POSTROUTING -p tcp --dport 587 -j MASQUERADE
    # PORT 143 
    iptables -t nat -A PREROUTING  -p tcp --dport 143 -j DNAT --to-destination 10.100.0.2
    iptables -t nat -A POSTROUTING -p tcp --dport 143 -j MASQUERADE
    # PORT 993 
    iptables -t nat -A PREROUTING  -p tcp --dport 993 -j DNAT --to-destination 10.100.0.2
    iptables -t nat -A POSTROUTING -p tcp --dport 993 -j MASQUERADE
    # PORT 4190
    iptables -t nat -A PREROUTING  -p tcp --dport 4190 -j DNAT --to-destination 10.100.0.2
    iptables -t nat -A POSTROUTING -p tcp --dport 4190 -j MASQUERADE
    # PORT 42420
    iptables -t nat -A PREROUTING  -p tcp --dport 42420 -j DNAT --to-destination 10.100.0.2
    iptables -t nat -A POSTROUTING -p tcp --dport 42420 -j MASQUERADE