firewall: restrict postgresql connections

Restrict postgresql connections to local and internal networks only. Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
author: Kenny Ballou <kballou@devnulllabs.io> 2019-10-30 22:09:24 -0600
committer: Kenny Ballou <kballou@devnulllabs.io> 2019-10-30 22:09:24 -0600
commit: c02245fb5dd88474a978cbf637224ca17b667c6f (patch)
tree: 0634b90e4858405afb56ef781566f4d2624cded9 /services
parent: 7fbc947b9c282bc4843cb7c50a21113b4cd9e8a8 (diff)
download: cfg.nix-c02245fb5dd88474a978cbf637224ca17b667c6f.tar.gz
cfg.nix-c02245fb5dd88474a978cbf637224ca17b667c6f.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/services/nftables-rules.nft b/services/nftables-rules.nft
index 2c58e3d..98b4be6 100644
--- a/services/nftables-rules.nft
+++ b/services/nftables-rules.nft
@@ -53,7 +53,7 @@ table inet filter {
         tcp dport http-alt counter accept
         tcp dport 3000 ip daddr 127.0.0.1/8 counter accept
         udp dport openvpn counter accept
-        tcp dport postgresql ip daddr counter accept
+        tcp dport postgresql ip daddr { 127.0.0.1/8, 10.0.0.0/8 } counter accept
         counter
     }
 }
author	Kenny Ballou <kballou@devnulllabs.io>	2019-10-30 22:09:24 -0600
committer	Kenny Ballou <kballou@devnulllabs.io>	2019-10-30 22:09:24 -0600
commit	c02245fb5dd88474a978cbf637224ca17b667c6f (patch)
tree	0634b90e4858405afb56ef781566f4d2624cded9 /services
parent	7fbc947b9c282bc4843cb7c50a21113b4cd9e8a8 (diff)
download	cfg.nix-c02245fb5dd88474a978cbf637224ca17b667c6f.tar.gz cfg.nix-c02245fb5dd88474a978cbf637224ca17b667c6f.tar.xz