From 07e61adc1e1349370df6f58d8d66366224dfc4e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Thu, 21 Sep 2023 15:08:26 +0300
Subject: [PATCH] firewall: reject packets on some hosts

---
 hosts/vno1-oh2/configuration.nix  | 1 +
 hosts/vno3-rp3b/configuration.nix | 1 +
 2 files changed, 2 insertions(+)

diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index 6ed22dc..e062b45 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -624,6 +624,7 @@
     firewall = {
       allowedUDPPorts = [53 80 443];
       allowedTCPPorts = [53 80 443];
+      rejectPackets = true;
     };
   };
 }
diff --git a/hosts/vno3-rp3b/configuration.nix b/hosts/vno3-rp3b/configuration.nix
index 2f5aa0e..d964e8b 100644
--- a/hosts/vno3-rp3b/configuration.nix
+++ b/hosts/vno3-rp3b/configuration.nix
@@ -116,6 +116,7 @@
     hostName = "vno3-rp3b";
     domain = "servers.jakst";
     dhcpcd.enable = true;
+    firewall.rejectPackets = true;
   };
 
   nixpkgs.hostPlatform = "aarch64-linux";