zzkt/guix
1
0
Fork 0
Code Issues Pull requests Projects Activity Actions

Put in earplugs

Browse source
This commit is contained in:
nik gaffney 2024-01-17 16:18:45 +01:00
parent cff429f351
commit 54d9955126
Signed by: nik
GPG key ID: 989F5E6EDB478160
2 changed files with 27 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
config/framework13-system.org
View file

@ -221,14 +221,15 @@ use dovecot for local IMAP
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 445 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
"))
(ipv6-rules (plain-file "ip6tables.rules" "*filter
@ -238,11 +239,12 @@ COMMIT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 445 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
"))))
#+END_SRC

26
config/framework13-system.scm
View file

@ -1,6 +1,6 @@
;; -*- mode: scheme; coding: utf-8; -*-
;;
;; tangled from framework13-system.org on 2024-01-17 15:41:23+01:00)
;; tangled from framework13-system.org on 2024-01-17 16:18:35+01:00)
(use-modules (gnu)
(gnu packages)
@ -125,14 +125,15 @@
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 445 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
"))
(ipv6-rules (plain-file "ip6tables.rules" "*filter
@ -142,11 +143,12 @@ COMMIT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 445 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
"))))