Nix / NixOS

2406 readers

11 users here now

Main links

Videos

founded 2 years ago

MODERATORS

erlingur@programming.dev

ballmerpeaking@programming.dev

WhiteBlackGoose@programming.dev

Are there alternatives for the NixOS firewall? (lemm.ee)

submitted 2 years ago* (last edited 2 years ago) by flashgnash@lemm.ee to c/nix@programming.dev

6 comments fedilink hide all child comments

I've found the built in nix firewall to be somewhat lacking (can't have different ports open on different networks for instance, I would rather reduce my attack surface while out on other people's/public WiFi)

Is it possible to use other firewall software on NixOS declaratively?

you are viewing a single comment's thread
view the rest of the comments

[–] adamcstephens@lemmy.zip 1 points 2 years ago (3 children)

The nixos firewall can in fact be configured per interface. https://search.nixos.org/options?channel=23.05&show=networking.firewall.interfaces.%3Cname%3E.allowedTCPPorts&from=0&size=50&sort=relevance&type=packages&query=Networking.Firewall.Interfaces

[–] flashgnash@lemm.ee 0 points 2 years ago (1 children)

It can be configured per interface, but not per access point

This does actually help as I can just open ports over tailscale and exclusively use that for connections though the ideal is to be able to open ports only when connected to home WiFi

[–] moonpiedumplings@programming.dev 1 points 2 years ago* (last edited 2 years ago)

You want firewalld. Not declarative (probably?), but the only option that can dynamically change firewall rules based on the network you are connected to.

Look into firewalld zones.

load more comments (1 replies)