diff options
author | makefu <github@syntax-fehler.de> | 2015-11-13 12:24:29 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2015-11-13 12:24:29 +0100 |
commit | 525dff002e7fe360b0c9803f1004ad2c8749c319 (patch) | |
tree | 49d20ac742496161c581d1979105dffc61173d91 /makefu/1systems/gum.nix | |
parent | 222d959ee45de47bbbf70c64df8840a5f9e40aa5 (diff) |
m 1 gum: disable ipv6, open up fw
Diffstat (limited to 'makefu/1systems/gum.nix')
-rw-r--r-- | makefu/1systems/gum.nix | 32 |
1 files changed, 17 insertions, 15 deletions
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 8dd347b4f..63db7a71c 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -16,7 +16,6 @@ in { krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; - # Chat environment.systemPackages = with pkgs;[ weechat @@ -33,21 +32,24 @@ in { services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" ''; + boot.kernelParams = [ "ipv6.disable=1" ]; networking = { - firewall = { - allowPing = true; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # tinc - 655 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - ]; + enableIPv6 = false; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + ]; }; interfaces.et0.ip4 = [{ address = external-ip; |