
Apply firewall rules to all interfaces on router

clerie 2022-07-13 22:17:53 +02:00
parent 2024601135
commit d8e929181f
14 changed files with 62 additions and 0 deletions


@ -34,4 +34,10 @@
]; ];
}; };
}; };
clerie.forward-filter.interfaces.net-technik-iot.rules = [
{ incomingInterface = "net-ikt"; }
# Give technik access to their toys
{ incomingInterface = "net-technik"; }
];
} }
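Review bot: The `{ incomingInterface = "net-ikt"; }` entry carries no comment, although the net-technik entry beside it does, and the same bare entry is added in the eleven other interface sections of this commit (net-technik through net-management). A reader auditing the ruleset cannot tell why one network may forward into every other segment; a line such as `# net-ikt administers the site and needs to reach every network` above the entry would record the intent, assuming that is the reason. The entry matches on interface only, so as far as this hunk shows it admits all of net-ikt without any address restriction, and the comment should say that this breadth is deliberate. The attribute set that holds these rules opens outside the hunk.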


@ -47,4 +47,9 @@
]; ];
}; };
}; };
clerie.forward-filter.interfaces.net-ikt.rules = [
# Allow infrastructure devices to access ikt user devices for downloading software etc
{ incomingInterface = "net-management"; }
];
} }
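Review bot: The `{ incomingInterface = "net-management"; }` entry lets every infrastructure device open connections to every host in net-ikt, which is wider than the comment's stated purpose of downloading software. If one management-network device were compromised, this rule would give it a path to the net-ikt machines, and net-ikt in turn is allowed into every other segment by this commit. If the software is served from one or a few hosts, I would narrow the rule to that traffic. Whether clerie.forward-filter can match on destination or port is not visible here, so that needs checking against the module.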


@ -47,4 +47,10 @@
]; ];
}; };
}; };
clerie.forward-filter.interfaces.net-technik.rules = [
{ incomingInterface = "net-ikt"; }
# Give the toys access to technik
{ incomingInterface = "net-technik-iot"; }
];
} }
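Review bot: The `{ incomingInterface = "net-technik-iot"; }` entry lets any IoT device initiate connections to any host in net-technik, which removes most of the isolation a separate IoT network is usually meant to give. If the filter tracks connection state (not visible in this commit), replies to connections opened from net-technik are already handled, and this entry is only needed for device-initiated traffic. If a few devices do need to call back, the entry could be limited the way the monitoring rule in the net-management section is, e.g. `{ incomingInterface = "net-technik-iot"; sourceAddress = "<device address>"; }` (placeholder address).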


@ -47,4 +47,8 @@
]; ];
}; };
}; };
clerie.forward-filter.interfaces.net-hospital.rules = [
{ incomingInterface = "net-ikt"; }
];
} }


@ -47,4 +47,8 @@
]; ];
}; };
}; };
clerie.forward-filter.interfaces.net-zoll.rules = [
{ incomingInterface = "net-ikt"; }
];
} }


@ -47,4 +47,8 @@
]; ];
}; };
}; };
clerie.forward-filter.interfaces.net-leitstelle.rules = [
{ incomingInterface = "net-ikt"; }
];
} }


@ -47,4 +47,8 @@
]; ];
}; };
}; };
clerie.forward-filter.interfaces.net-verwaltung.rules = [
{ incomingInterface = "net-ikt"; }
];
} }


@ -47,4 +47,8 @@
]; ];
}; };
}; };
clerie.forward-filter.interfaces.net-yolo.rules = [
{ incomingInterface = "net-ikt"; }
];
} }


@ -47,4 +47,8 @@
]; ];
}; };
}; };
clerie.forward-filter.interfaces.net-infojurte.rules = [
{ incomingInterface = "net-ikt"; }
];
} }


@ -47,4 +47,8 @@
]; ];
}; };
}; };
clerie.forward-filter.interfaces.net-internation.rules = [
{ incomingInterface = "net-ikt"; }
];
} }


@ -47,4 +47,8 @@
]; ];
}; };
}; };
clerie.forward-filter.interfaces.net-programmtre.rules = [
{ incomingInterface = "net-ikt"; }
];
} }


@ -47,4 +47,8 @@
]; ];
}; };
}; };
clerie.forward-filter.interfaces.net-open-office.rules = [
{ incomingInterface = "net-ikt"; }
];
} }


@ -9,4 +9,11 @@
networking.interfaces.net-management.ipv4.addresses = [ networking.interfaces.net-management.ipv4.addresses = [
{ address = "10.42.42.1"; prefixLength = 24; } { address = "10.42.42.1"; prefixLength = 24; }
]; ];
clerie.forward-filter.interfaces.net-management.rules = [
{ incomingInterface = "net-ikt"; }
# Allow monitoring
{ incomingInterface = "net-services"; sourceAddress = "10.42.10.7"; }
{ incomingInterface = "net-services"; sourceAddress6 = "2a01:4f8:1c0c:8221::7"; }
];
} }
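Review bot: The two monitoring entries identify the monitoring host by source address alone, so any host on net-services that sends with `10.42.10.7` or `2a01:4f8:1c0c:8221::7` as its source would match them. That is acceptable if net-services holds only trusted servers or the addresses are pinned at the switch, but the assumption should be written down; I would extend the comment to `# Allow monitoring (matched by source address only; relies on net-services hosts not spoofing it)`. The entries as written carry no port or protocol restriction towards net-management. If the module offers such a match, limiting them to what the monitoring checks use would tighten this.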


@ -73,6 +73,8 @@
}; };
}; };
clerie.forward-filter.enable = true;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave