secure munin-node with firewall
This commit is contained in:
parent
bd0d73cc33
commit
79c9b0bb75
SSH key fingerprint:
SHA256:bFAjFH3hR8zRBaJjzQDjc3o4jqoq5EZ87l+KXEjxIz0
2 changed files with 12 additions and 4 deletions
|
|
@ -367,15 +367,21 @@ in
|
||||||
22 # SSH
|
22 # SSH
|
||||||
80 # munin web
|
80 # munin web
|
||||||
631 # Printing
|
631 # Printing
|
||||||
3000 # Hydra
|
|
||||||
softServePort
|
|
||||||
];
|
];
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
631 # Printing
|
631 # Printing
|
||||||
51234 # Wireguard
|
51234 # Wireguard
|
||||||
51235 # Wireguard
|
51235 # Wireguard
|
||||||
];
|
];
|
||||||
logReversePathDrops = true;
|
interfaces = {
|
||||||
|
uwu.allowedTCPPorts = [
|
||||||
|
softServePort
|
||||||
|
];
|
||||||
|
wg0.allowedTCPPorts = [
|
||||||
|
3000 # Hydra
|
||||||
|
4949 # munin-node
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.resolved.enable = true;
|
services.resolved.enable = true;
|
||||||
|
|
|
||||||
|
|
@ -123,12 +123,14 @@ in
|
||||||
22 # SSH
|
22 # SSH
|
||||||
80
|
80
|
||||||
443 # HTTPS
|
443 # HTTPS
|
||||||
4949 # munin-node
|
|
||||||
];
|
];
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
51234 # Wireguard
|
51234 # Wireguard
|
||||||
51235 # Wireguard
|
51235 # Wireguard
|
||||||
];
|
];
|
||||||
|
interfaces.ninurta.allowedTCPPorts = [
|
||||||
|
4949 # munin-node
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Use the GRUB 2 boot loader.
|
# Use the GRUB 2 boot loader.
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue