config

commit 6cf894ee688167fecaf26b4e161e1c9213306f82 (tree)
parent c3168bb2d32c83a5d0605eb75be5dfe4893405bc
Author: Motiejus Jakštys <motiejus@jakstys.lt>
Date:   Thu, 24 Aug 2023 23:49:21 +0300

move logRefusedConnections to base

Diffstat:
M
hosts/hel1-a/configuration.nix
 | 
1
-
M
hosts/vm/configuration.nix
 | 
1
-
M
hosts/vno1-oh2/configuration.nix
 | 
1
-
M
hosts/vno1-rp3b/configuration.nix
 | 
1
-
M
modules/base/default.nix
 | 
2
++

5 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/hosts/hel1-a/configuration.nix b/hosts/hel1-a/configuration.nix
@@ -287,7 +287,6 @@
         443
         41641 # tailscale
       ];
-      logRefusedConnections = false;
       checkReversePath = "loose"; # for tailscale
     };
   };
diff --git a/hosts/vm/configuration.nix b/hosts/vm/configuration.nix
@@ -38,7 +38,6 @@ in {
     firewall = {
       allowedTCPPorts = [53];
       allowedUDPPorts = [53];
-      logRefusedConnections = false;
     };
   };
 
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
@@ -323,7 +323,6 @@
     firewall = {
       allowedUDPPorts = [53 80 443];
       allowedTCPPorts = [53 80 443];
-      logRefusedConnections = false;
       checkReversePath = "loose"; # for tailscale
     };
   };
diff --git a/hosts/vno1-rp3b/configuration.nix b/hosts/vno1-rp3b/configuration.nix
@@ -107,7 +107,6 @@
     firewall = {
       allowedUDPPorts = [myData.ports.kodi];
       allowedTCPPorts = [myData.ports.kodi];
-      logRefusedConnections = false;
       checkReversePath = "loose"; # for tailscale
     };
   };
diff --git a/modules/base/default.nix b/modules/base/default.nix
@@ -143,6 +143,8 @@
       #vim.defaultEditor = true;
     };
 
+    networking.firewall.logRefusedConnections = false;
+
     services = {
       chrony = {
         enable = true;