Drastically simplify firewall config

configuration.nix

@@ -309,46 +309,18 @@ in
       # Allow everything from router (usefull for UPnP/IGD)
       iptables -A INPUT -s 192.168.1.254 -j ACCEPT
 
-      # Allow Docker containers to access a few things
-      iptables -N CONTAINERS
-      iptables -A INPUT -s 172.17.0.0/16 -j CONTAINERS
+      # Allow docker containers to access all ports
+      iptables -A INPUT -s 172.17.0.0/16 -j ACCEPT
 
-      # Yugabyte YSQL
-      iptables -A CONTAINERS -p tcp --dport 5433 -j ACCEPT
-
-      # Specific rules for VPN nodes
-      iptables -N VPN
-      iptables -A INPUT -s 10.42.0.0/16 -j VPN
-
-      # Allow server nodes to communicate between themselves on all ports
-      iptables -A VPN -s 10.42.0.2 -j ACCEPT
-      iptables -A VPN -s 10.42.0.21 -j ACCEPT
-      iptables -A VPN -s 10.42.0.22 -j ACCEPT
-      iptables -A VPN -s 10.42.0.23 -j ACCEPT
-
-      # Allow all VPN users to access Nomad API
-      iptables -A VPN -p tcp --dport 4646 -j ACCEPT
-
-      # Same for Consul API
-      iptables -A VPN -p tcp --dport 8500 -j ACCEPT
-
-      # Same for YugabyteDB YSQL and Admin ports
-      iptables -A VPN -p tcp --dport 5433 -j ACCEPT
-      iptables -A VPN -p tcp --dport 7000 -j ACCEPT
-
-      # Same for Netdata monitoring
-      iptables -A VPN -p tcp --dport 19999 -j ACCEPT
+      # Allow other nodes on VPN to access all ports
+      iptables -A INPUT -s 10.42.0.0/16 -j ACCEPT
     '';
 
     # When stopping firewall, delete all rules that were configured manually above
     extraStopCommands = ''
       iptables -D INPUT -s 192.168.1.254 -j ACCEPT
-      iptables -D INPUT -s 10.42.0.0/16 -j VPN
-      iptables -F VPN
-      iptables -X VPN
-      iptables -D INPUT -s 172.17.0.0/16 -j CONTAINERS
-      iptables -F CONTAINERS
-      iptables -X CONTAINERS
+      iptables -D INPUT -s 172.17.0.0/16 -j ACCEPT
+      iptables -D INPUT -s 10.42.0.0/16 -j ACCEPT
     '';
   };