author | aszlig <aszlig@redmoonstudios.org> | 2014-04-22 06:51:16 +0200 |
---|---|---|
committer | aszlig <aszlig@redmoonstudios.org> | 2014-04-22 06:51:16 +0200 |
commit | 7a5bd8f2f7a40eca90976c1eaa8666ff50f063a1 (patch) | |
tree | dc28f25989f9af1d6cb6a89914311ea6f92060f8 /common.nix | |
parent | 3db520d88edfef6cdb3b8fccd4d590e6f8120144 (diff) |
common: Disable packet filter for all machines.
Enabling netfilter, especially connection tracking modules, adds unnecessary complexity to the systems. So I really don't want to increase the attack surface of the machine because of that. Just close the ports you don't need and listen locally for stuff that doesn't need to be public and we don't really need to have netfilter enabled.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'common.nix')
-rw-r--r-- | common.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/common.nix b/common.nix index 1935f295..25bc8656 100644 --- a/common.nix +++ b/common.nix @@ -41,6 +41,7 @@ networking = { wireless.enable = false; + firewall.enable = false; }; fileSystems = { |
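Review bot: the added `firewall.enable = false;` in the `networking` block of common.nix has no comment, so the assumption it depends on (unneeded ports are closed and non-public services listen locally) is recorded only in the commit message. Since the subject line says this applies to all machines, a one-line comment beside the setting stating that assumption would keep it visible to whoever adds the next service. Nothing in this hunk enforces the assumption, so each machine's service definitions need explicit listen addresses, and it is worth checking the listening sockets on a deployed host after this lands.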