author | Kenny Ballou <kballou@devnulllabs.io> | 2019-10-30 22:10:10 -0600 |
---|---|---|
committer | Kenny Ballou <kballou@devnulllabs.io> | 2019-10-30 22:10:10 -0600 |
commit | 0d54b9630142daf6daa024205f0be46dcb0d8e08 (patch) | |
tree | 8933bb874797d85e71fcca327f3701de7963a4f1 /services | |
parent | c02245fb5dd88474a978cbf637224ca17b667c6f (diff) | |
download | cfg.nix-0d54b9630142daf6daa024205f0be46dcb0d8e08.tar.gz cfg.nix-0d54b9630142daf6daa024205f0be46dcb0d8e08.tar.xz |
firewall: allow http-alt from internal network
Allow clients from the internal network to access the alternative HTTP
port.
Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
Diffstat (limited to 'services')
-rw-r--r-- | services/nftables-rules.nft | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/services/nftables-rules.nft b/services/nftables-rules.nft
index 98b4be6..d3df0af 100644
--- a/services/nftables-rules.nft
+++ b/services/nftables-rules.nft
@@ -11,7 +11,7 @@ table inet filter {
 udp dport domain ip saddr 172.16.0.0/12 counter accept
 tcp dport 3000 ip saddr 127.0.0.1/8 counter accept
 tcp dport 8000 ip saddr 127.0.0.1/8 counter accept
- tcp dport http-alt ip saddr 127.0.0.1/8 counter accept
+ tcp dport http-alt ip saddr { 127.0.0.1/8, 10.1.0.0/8 } counter accept
 tcp dport ssh counter accept
 counter
 } |
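Review bot: The new set element `10.1.0.0/8` on the http-alt rule has host bits set under an 8-bit mask, so if nft accepts it the match is effectively 10.0.0.0/8, every 10.x.x.x source, which is likely wider than the "internal network" the commit message describes. If the internal range is the 10.1.x.x block (an assumption, the page does not say), write the prefix that matches it, e.g. `tcp dport http-alt ip saddr { 127.0.0.0/8, 10.1.0.0/16 } counter accept`, and add a short comment naming the network the rule is meant for. The rule also trusts the source address alone; whether it is additionally bound to an interface or protected by reverse-path filtering cannot be seen here, since the chain begins outside the hunk.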