author | Kenny Ballou <kballou@devnulllabs.io> | 2019-10-30 22:09:24 -0600 |
---|---|---|
committer | Kenny Ballou <kballou@devnulllabs.io> | 2019-10-30 22:09:24 -0600 |
commit | c02245fb5dd88474a978cbf637224ca17b667c6f (patch) | |
tree | 0634b90e4858405afb56ef781566f4d2624cded9 /services | |
parent | 7fbc947b9c282bc4843cb7c50a21113b4cd9e8a8 (diff) | |
firewall: restrict postgresql connections
Restrict postgresql connections to local and internal networks only.
Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
Diffstat (limited to 'services')
-rw-r--r-- | services/nftables-rules.nft | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/services/nftables-rules.nft b/services/nftables-rules.nft
index 2c58e3d..98b4be6 100644
--- a/services/nftables-rules.nft
+++ b/services/nftables-rules.nft
@@ -53,7 +53,7 @@ table inet filter {
 tcp dport http-alt counter accept
 tcp dport 3000 ip daddr 127.0.0.1/8 counter accept
 udp dport openvpn counter accept
- tcp dport postgresql ip daddr counter accept
+ tcp dport postgresql ip daddr { 127.0.0.1/8, 10.0.0.0/8 } counter accept
 counter
 }
 } |
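Review bot: The new postgresql rule matches on `ip daddr`, which is the address the packet is sent to, not the address it comes from, so a client on any source network is still accepted as long as it targets an address of this host inside 10.0.0.0/8. If the intent in the commit message is to limit which clients may connect, the match should be on the source, for example `tcp dport postgresql ip saddr { 127.0.0.0/8, 10.0.0.0/8 } counter accept` (written with the network address `127.0.0.0/8` rather than `127.0.0.1/8`, which has host bits set). The table is `inet`, and an `ip` match only applies to IPv4, so IPv6 connections to the postgresql port are decided by rules and a chain policy that are outside this hunk; it is worth confirming that they end in a drop. The context line for port 3000 uses the same `ip daddr` pattern and deserves the same check.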