From 09ca9341f94365d04af34d9461fa06954f2d345a Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Fri, 20 Dec 2024 23:53:38 +0100
Subject: [PATCH] feat(ninurta): make firewall configuration a little more
 restrictive

---
 nixos/ninurta/configuration.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix
index 9eba60d..e188991 100644
--- a/nixos/ninurta/configuration.nix
+++ b/nixos/ninurta/configuration.nix
@@ -376,17 +376,21 @@ in
     enable = true;
     allowPing = true;
     allowedTCPPorts = [
-      22 # SSH
       2222 # SSH
-      80 # munin web
-      631 # Printing
     ];
     allowedUDPPorts = [
-      631 # Printing
       51234 # Wireguard
       51235 # Wireguard
     ];
     interfaces = {
+      br0.allowedTCPPorts = [
+        22 # SSH
+        80 # munin web
+        631 # IPP
+      ];
+      br0.allowedUDPPorts = [
+        631 # IPP
+      ];
       uwu.allowedTCPPorts = [
         softServePort
       ];