diff options
author | Orivej Desh <orivej@gmx.fr> | 2017-12-20 23:51:08 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-20 23:51:08 +0000 |
commit | b6790790457c8a4fb246bcc904b68de6b62a7bb0 (patch) | |
tree | 17759268a78f7d5c3ade4756b8540624b61959fe /nixos | |
parent | adc5c9b83df203c9e425efe00f9a788ed3554c2d (diff) | |
parent | 63af1f78075ace8893d5a49899b38c558cf6441d (diff) | |
download | nixlib-b6790790457c8a4fb246bcc904b68de6b62a7bb0.tar nixlib-b6790790457c8a4fb246bcc904b68de6b62a7bb0.tar.gz nixlib-b6790790457c8a4fb246bcc904b68de6b62a7bb0.tar.bz2 nixlib-b6790790457c8a4fb246bcc904b68de6b62a7bb0.tar.lz nixlib-b6790790457c8a4fb246bcc904b68de6b62a7bb0.tar.xz nixlib-b6790790457c8a4fb246bcc904b68de6b62a7bb0.tar.zst nixlib-b6790790457c8a4fb246bcc904b68de6b62a7bb0.zip |
Merge pull request #32540 from rnhmjoj/portrange
nixos/doc: document the firewall port ranges options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/configuration/firewall.xml | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/nixos/doc/manual/configuration/firewall.xml b/nixos/doc/manual/configuration/firewall.xml index 87406c28c2f7..75cccef95b38 100644 --- a/nixos/doc/manual/configuration/firewall.xml +++ b/nixos/doc/manual/configuration/firewall.xml @@ -23,10 +23,23 @@ networking.firewall.allowedTCPPorts = [ 80 443 ]; </programlisting> Note that TCP port 22 (ssh) is opened automatically if the SSH daemon -is enabled (<option>services.openssh.enable = true</option>). UDP +is enabled (<option>services.openssh.enable = true</option>). UDP ports can be opened through -<option>networking.firewall.allowedUDPPorts</option>. Also of -interest is +<option>networking.firewall.allowedUDPPorts</option>.</para> + +<para>To open ranges of TCP ports: + +<programlisting> +networking.firewall.allowedTCPPortRanges = [ + { from = 4000; to = 4007; } + { from = 8000; to = 8010; } +]; +</programlisting> + +Similarly, UDP port ranges can be opened through +<option>networking.firewall.allowedUDPPortRanges</option>.</para> + +<para>Also of interest is <programlisting> networking.firewall.allowPing = true; |