# Snippets Snippets are meant as method of definig very high-level options, that may be very opinionated and thus not suited for everybody. Snippets can be enabled individually. They can be definied by third parties, so to circumvent name collisions all snippets defined by this repository are prefixed with `nnf-`. Please do not use this prefix for any snippets defined by other repositories, though it might be advised you pick your own prefix. Snippets are considered less stable than the rest of this repository. As they usually are quite opionated, when they get inproved, you might not actually cosider those changes an improvement. Please consider that when using snippets, you can always just copy and modify them for your needs. When updating this repository give it a quick look to see what has changed with the snippets you use. ## nnf-common This snippets enables the firewall and many other snippets. Currently the following ones get enables. ### networking.nftables.firewall.snippets.nnf-common.enable

Name

``` networking.nftables.firewall.snippets.nnf-common.enable ```

Description

Whether to enable the nnf-common firewall snippet.

Type

``` boolean ```

Default

``` false ```

Example

``` true ```

Declared in

modules/snippets/nnf-common.nix

## nnf-default-stopRuleset ### networking.nftables.firewall.snippets.nnf-default-stopRuleset.allowedTCPPorts

Name

``` networking.nftables.firewall.snippets.nnf-default-stopRuleset.allowedTCPPorts ```

Description

List of allowd TCP ports while the firewall is disabled.

Type

``` list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) ```

Default

``` config.services.openssh.ports ```

Declared in

modules/snippets/nnf-default-stopRuleset.nix

### networking.nftables.firewall.snippets.nnf-default-stopRuleset.enable

Name

``` networking.nftables.firewall.snippets.nnf-default-stopRuleset.enable ```

Description

Whether to enable the nnf-default-stopRuleset snippet.

Type

``` boolean ```

Default

``` false ```

Example

``` true ```

Declared in

modules/snippets/nnf-default-stopRuleset.nix

## nnf-conntrack ### networking.nftables.firewall.snippets.nnf-conntrack.enable

Name

``` networking.nftables.firewall.snippets.nnf-conntrack.enable ```

Description

Whether to enable the nnf-conntrack firewall snippet.

Type

``` boolean ```

Default

``` false ```

Example

``` true ```

Declared in

modules/snippets/nnf-conntrack.nix

## nnf-dhcpv6 ### networking.nftables.firewall.snippets.nnf-dhcpv6.enable

Name

``` networking.nftables.firewall.snippets.nnf-dhcpv6.enable ```

Description

Whether to enable the nnf-dhcpv6 firewall snippet.

Type

``` boolean ```

Default

``` false ```

Example

``` true ```

Declared in

modules/snippets/nnf-dhcpv6.nix

## nnf-drop ### networking.nftables.firewall.snippets.nnf-drop.enable

Name

``` networking.nftables.firewall.snippets.nnf-drop.enable ```

Description

Whether to enable the nnf-drop firewall snippet.

Type

``` boolean ```

Default

``` false ```

Example

``` true ```

Declared in

modules/snippets/nnf-drop.nix

## nnf-icmp ### networking.nftables.firewall.snippets.nnf-icmp.enable

Name

``` networking.nftables.firewall.snippets.nnf-icmp.enable ```

Description

Whether to enable the nnf-icmp firewall snippet.

Type

``` boolean ```

Default

``` false ```

Example

``` true ```

Declared in

modules/snippets/nnf-icmp.nix

### networking.nftables.firewall.snippets.nnf-icmp.ipv4Types

Name

``` networking.nftables.firewall.snippets.nnf-icmp.ipv4Types ```

Description

List of allowed ICMP types.

Type

``` list of string ```

Default

``` [ "echo-request" "router-advertisement" ] ```

Declared in

modules/snippets/nnf-icmp.nix

### networking.nftables.firewall.snippets.nnf-icmp.ipv6Types

Name

``` networking.nftables.firewall.snippets.nnf-icmp.ipv6Types ```

Description

List of allowed ICMPv6 types.

Type

``` list of string ```

Default

``` [ "echo-request" "nd-router-advert" "nd-neighbor-solicit" "nd-neighbor-advert" ] ```

Declared in

modules/snippets/nnf-icmp.nix

## nnf-loopback ### networking.nftables.firewall.snippets.nnf-loopback.enable

Name

``` networking.nftables.firewall.snippets.nnf-loopback.enable ```

Description

Whether to enable the nnf-loopback firewall snippet.

Type

``` boolean ```

Default

``` false ```

Example

``` true ```

Declared in

modules/snippets/nnf-loopback.nix

## nnf-nixos-firewall ### networking.nftables.firewall.snippets.nnf-nixos-firewall.enable

Name

``` networking.nftables.firewall.snippets.nnf-nixos-firewall.enable ```

Description

Whether to enable the nnf-nixos-firewall firewall snippet.

Type

``` boolean ```

Default

``` false ```

Example

``` true ```

Declared in

modules/snippets/nnf-nixos-firewall.nix

## nnf-ssh ### networking.nftables.firewall.snippets.nnf-ssh.enable

Name

``` networking.nftables.firewall.snippets.nnf-ssh.enable ```

Description

Whether to enable the nnf-ssh firewall snippet.

Type

``` boolean ```

Default

``` false ```

Example

``` true ```

Declared in

modules/snippets/nnf-ssh.nix