byteio/nixos-config
1
0
Fork 0
mirror of https://github.com/librephoenix/nixos-config synced 2025-11-30 14:43:59 +05:30
Code Issues Projects Releases Packages Wiki Activity

Fix firewall rules

Browse source
This commit is contained in:
Ori 2025-10-12 20:24:32 -05:00
parent de25781b7d
commit 21777622e0
1 changed files with 9 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

19
hosts/ori/configuration.nix
View file

@ -56,15 +56,15 @@
# ip ban ai crawlers # ip ban ai crawlers
let createDropRulesForIpAddress = address: let createDropRulesForIpAddress = address:
'' ''
iptables -C INPUT -s ${address} -j DROP || iptables -A INPUT -s ${address} -j DROP iptables -A INPUT -s ${address} -j DROP
iptables -C OUTPUT -s ${address} -j DROP || iptables -A OUTPUT -s ${address} -j DROP iptables -A OUTPUT -s ${address} -j DROP
iptables -C FORWARD -s ${address} -j DROP || iptables -A FORWARD -s ${address} -j DROP iptables -A FORWARD -s ${address} -j DROP
iptables -C DOCKER -s ${address} -j DROP || iptables -A DOCKER -s ${address} -j DROP iptables -A DOCKER -s ${address} -j DROP
iptables -C DOCKER-BRIDGE -s ${address} -j DROP || iptables -A DOCKER-BRIDGE -s ${address} -j DROP iptables -A DOCKER-BRIDGE -s ${address} -j DROP
iptables -C DOCKER-FORWARD -s ${address} -j DROP || iptables -A DOCKER-FORWARD -s ${address} -j DROP iptables -A DOCKER-FORWARD -s ${address} -j DROP
iptables -C DOCKER-USER -s ${address} -j DROP || iptables -A DOCKER-USER -s ${address} -j DROP iptables -A DOCKER-USER -s ${address} -j DROP
iptables -C DOCKER-ISOLATION-STAGE-1 -s ${address} -j DROP || iptables -A DOCKER-ISOLATION-STAGE-1 -s ${address} -j DROP iptables -A DOCKER-ISOLATION-STAGE-1 -s ${address} -j DROP
iptables -C DOCKER-ISOLATION-STAGE-2 -s ${address} -j DROP || iptables -A DOCKER-ISOLATION-STAGE-2 -s ${address} -j DROP iptables -A DOCKER-ISOLATION-STAGE-2 -s ${address} -j DROP
''; '';
in in
'' ''
@ -215,7 +215,6 @@
${createDropRulesForIpAddress "98.84.200.43"} ${createDropRulesForIpAddress "98.84.200.43"}
${createDropRulesForIpAddress "98.84.60.17"} ${createDropRulesForIpAddress "98.84.60.17"}
${createDropRulesForIpAddress "98.84.70.201"} ${createDropRulesForIpAddress "98.84.70.201"}
${createDropRulesForIpAddress "172.24.0.21"}
''; '';
virtualisation.docker.extraOptions="--iptables=true"; virtualisation.docker.extraOptions="--iptables=true";
}; };