feat(bomba): improve firewall rules

2026-06-17 07:14:39 +02:00 · 2026-03-21 23:27:18 +01:00
parent 9efff63559
commit 3691bae82c
1 changed files with 9 additions and 8 deletions
@@ -1,25 +1,26 @@
 { ... }:
+let
+  dockerNetwork = "172.18.0.0/16";
+in
 {
  networking = {
    networkmanager.enable = true;
+    nftables.enable = true;
    firewall = {
+      enable = true;
      allowedTCPPorts = [
        22
        80
        443
-        5900
-      ];
-      allowedTCPPortRanges = [
-        {
-          from = 8001;
-          to = 8005;
-        }
      ];
      allowedUDPPorts = [
        80
        443
      ];
-      enable = true;
+      extraInputRules = ''
+        ip saddr ${dockerNetwork} tcp dport 5900 accept
+        ip saddr ${dockerNetwork} tcp dport 8001-8005 accept
+      '';
    };
  };
 }