authorKenny Ballou <kballou@devnulllabs.io>2019-10-30 22:10:10 -0600
committerKenny Ballou <kballou@devnulllabs.io>2019-10-30 22:10:10 -0600
commit0d54b9630142daf6daa024205f0be46dcb0d8e08 (patch)
tree8933bb874797d85e71fcca327f3701de7963a4f1 /services
parentc02245fb5dd88474a978cbf637224ca17b667c6f (diff)
firewall: allow http-alt from internal network
Allow clients from the internal network to access the alternative HTTP port. Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
Diffstat (limited to 'services')
-rw-r--r--services/nftables-rules.nft2
1 files changed, 1 insertions, 1 deletions
diff --git a/services/nftables-rules.nft b/services/nftables-rules.nft
index 98b4be6..d3df0af 100644
--- a/services/nftables-rules.nft
+++ b/services/nftables-rules.nft
@@ -11,7 +11,7 @@ table inet filter {
udp dport domain ip saddr 172.16.0.0/12 counter accept
tcp dport 3000 ip saddr 127.0.0.1/8 counter accept
tcp dport 8000 ip saddr 127.0.0.1/8 counter accept
- tcp dport http-alt ip saddr 127.0.0.1/8 counter accept
+ tcp dport http-alt ip saddr { 127.0.0.1/8, 10.1.0.0/8 } counter accept
tcp dport ssh counter accept
counter
}
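Review bot: The new set element `10.1.0.0/8` on the http-alt rule has host bits set beyond its /8 mask, so nft will most likely treat it as 10.0.0.0/8 (or reject it, depending on version). That would open the port to the entire 10/8 range rather than a single internal subnet. If the internal network is narrower than that, spell out the real prefix, e.g. `tcp dport http-alt ip saddr { 127.0.0.0/8, <INTERNAL_PREFIX> } counter accept`, where `<INTERNAL_PREFIX>` is a placeholder for the actual subnet. The rule also matches on source address alone; adding an `iifname` match for the internal interface would stop a 10.x source arriving on another interface from qualifying. The chain header and policy sit outside this hunk, so the hook and default verdict cannot be checked from here.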