thelegy / nixos-nftables-firewall

A zone-based firewall built on top of nftables for NixOS
https://thelegy.github.io/nixos-nftables-firewall/
MIT License

Practical examples #12

Open serpent213 opened 10 months ago

serpent213 commented 10 months ago

Looks very promising! But I'm new to NixOS and also to nftables, so I'm having a hard time putting it to use.

In my case, I would appreciate an example for an internet server with several external IPv4 and v6 IPs and several NixOS containers providing services to the outside world and to each other. 🙂

thelegy commented 9 months ago

Hi there, sorry for the wait. I have just finished writing a small quickstart guide.

Also, the checks are some example configurations that get tested against a pinned nft ruleset, so they might give you a sense of what is generated if you supply some configuration.

As I actually use it, there are also some examples somewhere in my nix configurations, but I tend not to put my firewall configuration in a single spot, but rather add roles on the go in the modules they belong to. You can just search for nftables or firewall in it.

I hope that helps you. I would actually like to improve the documentation further, but sadly I am really short on time.

steveej commented 8 months ago

I'd like to add to the wishlist 🙂 e.g.

  1. redirect a destination port to a different port on localhost
  2. redirect a destination port to a different host on lan
  3. redirect all traffic except for the ssh port to a host on lan

These should be relatively common use cases and, being new to both nftables and this library, it's not obvious to me how to do this here.

As this is my first post in this repo, thank you for creating this library 🙌
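The three redirects requested above, written as an added example in plain nftables syntax rather than in this module's own option names (which the thread does not show). The interface names wan0 and lan0 and the addresses 192.168.1.10 and 192.168.1.20 are placeholders chosen for the example, not values from the thread.

```nft
# Added example: plain nftables ruleset for the three redirects listed above.
# Interface names and LAN addresses are placeholders, not taken from the thread.
table inet nat {
  chain prerouting {
    type nat hook prerouting priority dstnat; policy accept;

    # 1. Redirect a destination port to a different port on this host:
    #    traffic arriving on wan0 for TCP 8080 is delivered to local port 80.
    iifname "wan0" tcp dport 8080 redirect to :80

    # 2. Redirect a destination port to a different host on the LAN:
    #    TCP 2222 on wan0 becomes SSH (22) on 192.168.1.10.
    iifname "wan0" tcp dport 2222 dnat ip to 192.168.1.10:22

    # 3. Redirect everything except SSH to a LAN host. SSH is accepted first,
    #    which ends evaluation of this chain and so keeps it on this host;
    #    every other TCP/UDP flow from wan0 is rewritten to 192.168.1.20.
    iifname "wan0" tcp dport 22 accept
    iifname "wan0" meta l4proto { tcp, udp } dnat ip to 192.168.1.20
  }

  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    # Rewrite the source so replies from LAN hosts come back through this box.
    oifname "lan0" masquerade
  }
}

table inet filter {
  chain forward {
    type filter hook forward priority filter; policy drop;
    ct state established,related accept
    # DNAT only rewrites the destination; the forward hook must still allow the
    # redirected flows. Matching ct status dnat admits exactly the connections
    # the nat chain rewrote and nothing else.
    iifname "wan0" oifname "lan0" ct status dnat accept
  }
}
```

Two caveats a reader applying this should keep in mind. Rule 3 also captures every other service the host itself exposes on wan0, so the list of local exceptions usually grows beyond port 22. The `dnat ip to` rules act on IPv4 only; the same redirects for the v6 addresses mentioned earlier in the thread need separate `dnat ip6 to` rules with the corresponding addresses.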