path: root/nixpkgs/nixos/doc/manual/configuration/firewall.xml
Diffstat (limited to 'nixpkgs/nixos/doc/manual/configuration/firewall.xml')
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/firewall.xml37
1 files changed, 37 insertions, 0 deletions
diff --git a/nixpkgs/nixos/doc/manual/configuration/firewall.xml b/nixpkgs/nixos/doc/manual/configuration/firewall.xml
new file mode 100644
index 000000000000..47a19ac82c0f
--- /dev/null
+++ b/nixpkgs/nixos/doc/manual/configuration/firewall.xml
@@ -0,0 +1,37 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xmlns:xi="http://www.w3.org/2001/XInclude"
+         version="5.0"
+         xml:id="sec-firewall">
+ <title>Firewall</title>
+
+ <para>
+  NixOS has a simple stateful firewall that blocks incoming connections and
+  other unexpected packets. The firewall applies to both IPv4 and IPv6 traffic.
+  It is enabled by default. It can be disabled as follows:
+<programlisting>
+<xref linkend="opt-networking.firewall.enable"/> = false;
+</programlisting>
+  If the firewall is enabled, you can open specific TCP ports to the outside
+  world:
+<programlisting>
+<xref linkend="opt-networking.firewall.allowedTCPPorts"/> = [ 80 443 ];
+</programlisting>
+  Note that TCP port 22 (ssh) is opened automatically if the SSH daemon is
+  enabled (<option><xref linkend="opt-services.openssh.enable"/> =
+  true</option>). UDP ports can be opened through
+  <xref linkend="opt-networking.firewall.allowedUDPPorts"/>.
+ </para>
+
+ <para>
+  To open ranges of TCP ports:
+<programlisting>
+<xref linkend="opt-networking.firewall.allowedTCPPortRanges"/> = [
+  { from = 4000; to = 4007; }
+  { from = 8000; to = 8010; }
+];
+</programlisting>
+  Similarly, UDP port ranges can be opened through
+  <xref linkend="opt-networking.firewall.allowedUDPPortRanges"/>.
+ </para>
+</section>
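Review bot: the port-range listing in the second para leaves the range semantics undocumented: `{ from = 4000; to = 4007; }` does not say whether `from` and `to` are inclusive, and a reader choosing boundaries for a service needs that stated; suggest one sentence after the listing giving whatever the firewall module actually implements. Likewise, the first para says the firewall "blocks incoming connections and other unexpected packets" but says nothing about outgoing traffic; if the module only filters inbound traffic, saying so explicitly would stop readers expecting `allowedTCPPorts` to restrict egress as well.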