diff options
| author | Baptiste Jonglez <git@bitsofnetworks.org> | 2025-02-10 22:37:55 +0100 |
|---|---|---|
| committer | Baptiste Jonglez <git@bitsofnetworks.org> | 2025-02-10 22:37:55 +0100 |
| commit | 4bf7f9a76bbcf66f329676477a5ef76cf7be1cea (patch) | |
| tree | c205155edcd5d2e6c3bcbb1a62857e5aed7e6bc2 /nix | |
| parent | c4e5ddb24b759714e520f68c2fa6cdfe8e60457f (diff) | |
| download | nixcfg-4bf7f9a76bbcf66f329676477a5ef76cf7be1cea.tar.gz nixcfg-4bf7f9a76bbcf66f329676477a5ef76cf7be1cea.zip | |
Update firewall config to avoid timeouts and avoid spamming logs
Diffstat (limited to 'nix')
| -rw-r--r-- | nix/deuxfleurs.nix | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix index 1b9ae3d..43e8c91 100644 --- a/nix/deuxfleurs.nix +++ b/nix/deuxfleurs.nix @@ -421,6 +421,12 @@ in cfg.wireguardPort ]; + # Don't spam logs with refused connections + logRefusedConnections = false; + + # Use REJECT instead of DROP, to avoid timeouts (e.g. when trying to connect to the wrong SSH port) + rejectPackets = true; + # Allow specific hosts access to specific things in the cluster extraCommands = '' # Allow UDP packets comming from port 1900 from a local address, |