Deuxfleurs/nixcfg
15
7
Fork 2
Code Issues 16 Pull requests 2 Projects Releases Wiki Activity

Update firewall config to avoid timeouts and avoid spamming logs

Browse source
This commit is contained in:
Baptiste Jonglez 2025-02-10 22:37:55 +01:00
parent c4e5ddb24b
commit 4bf7f9a76b
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
nix/deuxfleurs.nix
View file

@ -421,6 +421,12 @@ in
cfg.wireguardPort cfg.wireguardPort
]; ];
# Don't spam logs with refused connections
logRefusedConnections = false;
# Use REJECT instead of DROP, to avoid timeouts (e.g. when trying to connect to the wrong SSH port)
rejectPackets = true;
# Allow specific hosts access to specific things in the cluster # Allow specific hosts access to specific things in the cluster
extraCommands = '' extraCommands = ''
# Allow UDP packets comming from port 1900 from a local address, # Allow UDP packets comming from port 1900 from a local address,