Diffstat (limited to 'nixpkgs/nixos/doc/manual/configuration/firewall.section.md')
-rw-r--r-- | nixpkgs/nixos/doc/manual/configuration/firewall.section.md | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/nixpkgs/nixos/doc/manual/configuration/firewall.section.md b/nixpkgs/nixos/doc/manual/configuration/firewall.section.md index dbf0ffb9273e..9a71217944ee 100644 --- a/nixpkgs/nixos/doc/manual/configuration/firewall.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/firewall.section.md @@ -5,14 +5,18 @@ and other unexpected packets. The firewall applies to both IPv4 and IPv6 traffic. It is enabled by default. It can be disabled as follows: ```nix -networking.firewall.enable = false; +{ + networking.firewall.enable = false; +} ``` If the firewall is enabled, you can open specific TCP ports to the outside world: ```nix -networking.firewall.allowedTCPPorts = [ 80 443 ]; +{ + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} ``` Note that TCP port 22 (ssh) is opened automatically if the SSH daemon is @@ -22,10 +26,12 @@ enabled (`services.openssh.enable = true`). UDP ports can be opened through To open ranges of TCP ports: ```nix -networking.firewall.allowedTCPPortRanges = [ - { from = 4000; to = 4007; } - { from = 8000; to = 8010; } -]; +{ + networking.firewall.allowedTCPPortRanges = [ + { from = 4000; to = 4007; } + { from = 8000; to = 8010; } + ]; +} ``` Similarly, UDP port ranges can be opened through |
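Review bot: In the first hunk (@@ -5,14 +5,18 @@), the `networking.firewall.enable = false;` example is now a complete attribute set that can be pasted as-is, but the sentence above it still says only "It can be disabled as follows" and gives no indication of what that changes for the host. The next example in the same hunk already shows the narrower option, `networking.firewall.allowedTCPPorts = [ 80 443 ];`, so consider adding one sentence that points readers to opening specific ports in preference to disabling the firewall entirely.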
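Review bot: In the second hunk (@@ -22,10 +26,12 @@), the `allowedTCPPortRanges` example does not say whether `from` and `to` are inclusive, so a reader cannot tell from the text whether `{ from = 4000; to = 4007; }` opens port 4007. Since this block is being rewritten anyway, add a short sentence stating the bound semantics next to it, and apply the same wording to the UDP port range sentence that follows.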