about summary refs log tree commit diff
path: root/nixpkgs/nixos/doc/manual/configuration/firewall.section.md
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/nixos/doc/manual/configuration/firewall.section.md')
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/firewall.section.md18
1 files changed, 12 insertions, 6 deletions
diff --git a/nixpkgs/nixos/doc/manual/configuration/firewall.section.md b/nixpkgs/nixos/doc/manual/configuration/firewall.section.md
index dbf0ffb9273e..9a71217944ee 100644
--- a/nixpkgs/nixos/doc/manual/configuration/firewall.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/firewall.section.md
@@ -5,14 +5,18 @@ and other unexpected packets. The firewall applies to both IPv4 and IPv6
 traffic. It is enabled by default. It can be disabled as follows:
 
 ```nix
-networking.firewall.enable = false;
+{
+  networking.firewall.enable = false;
+}
 ```
 
 If the firewall is enabled, you can open specific TCP ports to the
 outside world:
 
 ```nix
-networking.firewall.allowedTCPPorts = [ 80 443 ];
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
 ```
 
 Note that TCP port 22 (ssh) is opened automatically if the SSH daemon is
@@ -22,10 +26,12 @@ enabled (`services.openssh.enable = true`). UDP ports can be opened through
 To open ranges of TCP ports:
 
 ```nix
-networking.firewall.allowedTCPPortRanges = [
-  { from = 4000; to = 4007; }
-  { from = 8000; to = 8010; }
-];
+{
+  networking.firewall.allowedTCPPortRanges = [
+    { from = 4000; to = 4007; }
+    { from = 8000; to = 8010; }
+  ];
+}
 ```
 
 Similarly, UDP port ranges can be opened through
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-20 10:21:33 +0000