machines/profpatsch/workstation: enable firewall

author: Profpatsch <mail@profpatsch.de> 2018-12-22 00:15:00 +0100
committer: Profpatsch <mail@profpatsch.de> 2018-12-22 00:15:00 +0100
commit: df8d40b1a0ba65b4706628e12f895fb7839b2a3b (patch)
tree: 14a65d88654bb2ad9636bfb922dfd0747c2cc588 /machines/profpatsch/base-workstation.nix
parent: f790ef33812bd8058a51a26dae1a1910e10722e6 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/machines/profpatsch/base-workstation.nix b/machines/profpatsch/base-workstation.nix
index e19a755b..41753ebd 100644
--- a/machines/profpatsch/base-workstation.nix
+++ b/machines/profpatsch/base-workstation.nix
@@ -22,7 +22,13 @@ in {
     hardware.cpu.intel.updateMicrocode = true;
 
     networking = {
-      firewall.enable = false;
+      # better for untrusted networks
+      firewall = {
+        enable = true;
+        # for manual/temporary stuff
+        allowedTCPPortRanges =
+          [{ from = 9990; to = 9999; }];
+      };
     };
 
     i18n = {
author	Profpatsch <mail@profpatsch.de>	2018-12-22 00:15:00 +0100
committer	Profpatsch <mail@profpatsch.de>	2018-12-22 00:15:00 +0100
commit	df8d40b1a0ba65b4706628e12f895fb7839b2a3b (patch)
tree	14a65d88654bb2ad9636bfb922dfd0747c2cc588 /machines/profpatsch/base-workstation.nix
parent	f790ef33812bd8058a51a26dae1a1910e10722e6 (diff)