Snippets
Snippets are meant as a method of defining very high-level options that may be very opinionated and thus not suited for everybody.
Snippets can be enabled individually. They can be defined by third parties, so to avoid name collisions all snippets defined by this repository are prefixed with nnf-. Please do not use this prefix for snippets defined by other repositories; it is advisable to pick your own prefix instead.
Snippets are considered less stable than the rest of this repository. As they are usually quite opinionated, when they get improved, you might not actually consider those changes an improvement. Please keep that in mind when using snippets; you can always just copy and modify them for your needs. When updating this repository, give it a quick look to see what has changed in the snippets you use.
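As an added example (not taken from this repository), the following NixOS configuration enables snippets one by one instead of through nnf-common and narrows the ICMP allow-list, using only the options documented below. It assumes this repository's NixOS module is already imported and that the host has a static IPv4 configuration; `networking.nftables.firewall.enable` is the module's main switch and is not listed on this page.

```nix
{ config, ... }:
{
  # Assumption: main switch of the module. nnf-common would normally enable
  # the firewall; without nnf-common it has to be set explicitly.
  networking.nftables.firewall.enable = true;

  networking.nftables.firewall.snippets = {
    # Explicit opt-in per snippet, so an update that changes what nnf-common
    # pulls in cannot silently change this host's ruleset.
    nnf-conntrack.enable = true;
    nnf-loopback.enable = true;
    nnf-dhcpv6.enable = true;
    nnf-drop.enable = true;
    nnf-ssh.enable = true;

    nnf-icmp = {
      enable = true;
      # Narrowed from the default: a host with static IPv4 addressing
      # (assumption) does not need "router-advertisement".
      ipv4Types = [ "echo-request" ];
      # Kept at the documented default: IPv6 neighbor discovery relies on
      # these message types, so removing them breaks connectivity.
      ipv6Types = [
        "echo-request"
        "nd-router-advert"
        "nd-neighbor-solicit"
        "nd-neighbor-advert"
      ];
    };

    nnf-default-stopRuleset = {
      enable = true;
      # Written out although it matches the documented default, so the
      # ports reachable while the firewall is disabled are visible in review.
      allowedTCPPorts = config.services.openssh.ports;
    };
  };
}
```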
nnf-common
This snippet enables the firewall and many other snippets. Currently the following ones get enabled.
networking.nftables.firewall.snippets.nnf-common.enable
Whether to enable the nnf-common firewall snippet.
Type: boolean
Default: false
Example: true
nnf-default-stopRuleset
networking.nftables.firewall.snippets.nnf-default-stopRuleset.allowedTCPPorts
List of allowed TCP ports while the firewall is disabled.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: config.services.openssh.ports
networking.nftables.firewall.snippets.nnf-default-stopRuleset.enable
Whether to enable the nnf-default-stopRuleset snippet.
Type: boolean
Default: false
Example: true
nnf-conntrack
networking.nftables.firewall.snippets.nnf-conntrack.enable
Whether to enable the nnf-conntrack firewall snippet.
Type: boolean
Default: false
Example: true
nnf-dhcpv6
networking.nftables.firewall.snippets.nnf-dhcpv6.enable
Whether to enable the nnf-dhcpv6 firewall snippet.
Type: boolean
Default: false
Example: true
nnf-drop
networking.nftables.firewall.snippets.nnf-drop.enable
Whether to enable the nnf-drop firewall snippet.
Type: boolean
Default: false
Example: true
nnf-icmp
networking.nftables.firewall.snippets.nnf-icmp.enable
Whether to enable the nnf-icmp firewall snippet.
Type: boolean
Default: false
Example: true
networking.nftables.firewall.snippets.nnf-icmp.ipv4Types
List of allowed ICMP types.
Type: list of string
Default:
[
  "echo-request"
  "router-advertisement"
]
networking.nftables.firewall.snippets.nnf-icmp.ipv6Types
List of allowed ICMPv6 types.
Type: list of string
Default:
[
  "echo-request"
  "nd-router-advert"
  "nd-neighbor-solicit"
  "nd-neighbor-advert"
]
nnf-loopback
networking.nftables.firewall.snippets.nnf-loopback.enable
Whether to enable the nnf-loopback firewall snippet.
Type: boolean
Default: false
Example: true
nnf-nixos-firewall
networking.nftables.firewall.snippets.nnf-nixos-firewall.enable
Whether to enable the nnf-nixos-firewall firewall snippet.
Type: boolean
Default: false
Example: true
nnf-ssh
networking.nftables.firewall.snippets.nnf-ssh.enable
Whether to enable the nnf-ssh firewall snippet.
Type: boolean
Default: false
Example: true