chore(ada): firewalld hardening
Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
parent
7fce4f6999
commit
ab9fff95a1
1 changed files with 14 additions and 1 deletions
|
|
@ -3,8 +3,21 @@ _: {
|
||||||
firewalld = {
|
firewalld = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
IPv6_rpfilter = "strict";
|
||||||
|
CleanupModulesOnExit = true;
|
||||||
|
StrictForwardPorts = true;
|
||||||
|
logDenied = "off";
|
||||||
|
FlushAllOnReload = "yes";
|
||||||
|
ReloadPolicy = "DROP";
|
||||||
|
RFC3964_IPv4 = "yes";
|
||||||
|
NftablesCounters = "no";
|
||||||
|
NftablesTableOwner = "yes";
|
||||||
|
IndividualCalls = "no";
|
||||||
|
};
|
||||||
|
|
||||||
zones = {
|
zones = {
|
||||||
"eno1" = {
|
"wan" = {
|
||||||
interfaces = [
|
interfaces = [
|
||||||
"ens1"
|
"ens1"
|
||||||
];
|
];
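Review bot: `logDenied = "off"` leaves rejected and dropped packets unlogged, so a commit described as hardening keeps no record of probing against the zone bound to `ens1`; consider `LogDenied = "unicast";` (firewalld also accepts `all`, `broadcast` and `multicast`). The key is written with a lower-case `l`, while firewalld.conf names it `LogDenied` and the other keys in this block use the upstream capitalisation, so it is worth confirming the setting is actually applied rather than ignored. `NftablesCounters = "no"` likewise gives up per-rule hit counts that help when auditing which rules match. Two keys use the boolean `true` while the rest use `"yes"`/`"no"` strings; a single form throughout would make the block easier to review. The `firewalld` attribute set begins and ends outside this hunk.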
|
||||||
|
|
|
||||||