common: Disable packet filter for all machines.

Enabling netfilter, especially connection tracking modules add unnecessary complexity to the systems. So I really don't want to increase the attack surface of the machine because of that. Just close the ports you don't need and listen locally for stuff that doesn't need to be public and we don't really need to have netfilter enabled. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
author: aszlig <aszlig@redmoonstudios.org> 2014-04-22 06:51:16 +0200
committer: aszlig <aszlig@redmoonstudios.org> 2014-04-22 06:51:16 +0200
commit: 7a5bd8f2f7a40eca90976c1eaa8666ff50f063a1 (patch)
tree: dc28f25989f9af1d6cb6a89914311ea6f92060f8 /common.nix
parent: 3db520d88edfef6cdb3b8fccd4d590e6f8120144 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/common.nix b/common.nix
index 1935f295..25bc8656 100644
--- a/common.nix
+++ b/common.nix
@@ -41,6 +41,7 @@
 
   networking = {
     wireless.enable = false;
+    firewall.enable = false;
   };
 
   fileSystems = {
author	aszlig <aszlig@redmoonstudios.org>	2014-04-22 06:51:16 +0200
committer	aszlig <aszlig@redmoonstudios.org>	2014-04-22 06:51:16 +0200
commit	7a5bd8f2f7a40eca90976c1eaa8666ff50f063a1 (patch)
tree	dc28f25989f9af1d6cb6a89914311ea6f92060f8 /common.nix
parent	3db520d88edfef6cdb3b8fccd4d590e6f8120144 (diff)