nixpkgs/nixos/doc/manual/configuration/firewall.xml

<section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-firewall">
 <title>Firewall</title>

 <para>
  NixOS has a simple stateful firewall that blocks incoming connections and
  other unexpected packets. The firewall applies to both IPv4 and IPv6 traffic.
  It is enabled by default. It can be disabled as follows:
<programlisting>
<xref linkend="opt-networking.firewall.enable"/> = false;
</programlisting>
  If the firewall is enabled, you can open specific TCP ports to the outside
  world:
<programlisting>
<xref linkend="opt-networking.firewall.allowedTCPPorts"/> = [ 80 443 ];
</programlisting>
  Note that TCP port 22 (ssh) is opened automatically if the SSH daemon is
  enabled (<option><xref linkend="opt-services.openssh.enable"/> =
  true</option>). UDP ports can be opened through
  <xref linkend="opt-networking.firewall.allowedUDPPorts"/>.
 </para>

 <para>
  To open ranges of TCP ports:
<programlisting>
<xref linkend="opt-networking.firewall.allowedTCPPortRanges"/> = [
  { from = 4000; to = 4007; }
  { from = 8000; to = 8010; }
];
</programlisting>
  Similarly, UDP port ranges can be opened through
  <xref linkend="opt-networking.firewall.allowedUDPPortRanges"/>.
 </para>
</section>
Chunk NixOS manual [Squashed commits to make git blame etc. more likely to work. -ED] 2014-08-24 19:18:18 +02:00			`<section xmlns="http://docbook.org/ns/docbook"`
			`xmlns:xlink="http://www.w3.org/1999/xlink"`
			`xmlns:xi="http://www.w3.org/2001/XInclude"`
			`version="5.0"`
			`xml:id="sec-firewall">`
nixos docs: format =) 2018-05-01 19:57:09 -04:00			`<title>Firewall</title>`
Chunk NixOS manual [Squashed commits to make git blame etc. more likely to work. -ED] 2014-08-24 19:18:18 +02:00
nixos docs: format =) 2018-05-01 19:57:09 -04:00			`<para>`
Revert "nixos/doc: re-format" This reverts commit ea6e8775bd69e4676c623a85c39f1da540d29ad1. The new format is not an improvement. 2019-09-19 19:17:30 +02:00			`NixOS has a simple stateful firewall that blocks incoming connections and`
			`other unexpected packets. The firewall applies to both IPv4 and IPv6 traffic.`
			`It is enabled by default. It can be disabled as follows:`
Chunk NixOS manual [Squashed commits to make git blame etc. more likely to work. -ED] 2014-08-24 19:18:18 +02:00			`<programlisting>`
Added cross-references to NixOS manual 2018-04-05 18:43:56 +10:00			`<xref linkend="opt-networking.firewall.enable"/> = false;`
Chunk NixOS manual [Squashed commits to make git blame etc. more likely to work. -ED] 2014-08-24 19:18:18 +02:00			`</programlisting>`
Revert "nixos/doc: re-format" This reverts commit ea6e8775bd69e4676c623a85c39f1da540d29ad1. The new format is not an improvement. 2019-09-19 19:17:30 +02:00			`If the firewall is enabled, you can open specific TCP ports to the outside`
			`world:`
Chunk NixOS manual [Squashed commits to make git blame etc. more likely to work. -ED] 2014-08-24 19:18:18 +02:00			`<programlisting>`
Added cross-references to NixOS manual 2018-04-05 18:43:56 +10:00			`<xref linkend="opt-networking.firewall.allowedTCPPorts"/> = [ 80 443 ];`
Chunk NixOS manual [Squashed commits to make git blame etc. more likely to work. -ED] 2014-08-24 19:18:18 +02:00			`</programlisting>`
Revert "nixos/doc: re-format" This reverts commit ea6e8775bd69e4676c623a85c39f1da540d29ad1. The new format is not an improvement. 2019-09-19 19:17:30 +02:00			`Note that TCP port 22 (ssh) is opened automatically if the SSH daemon is`
			`enabled (<option><xref linkend="opt-services.openssh.enable"/> =`
			`true</option>). UDP ports can be opened through`
			`<xref linkend="opt-networking.firewall.allowedUDPPorts"/>.`
nixos docs: format =) 2018-05-01 19:57:09 -04:00			`</para>`

			`<para>`
			`To open ranges of TCP ports:`
nixos/doc: document the firewall port ranges options 2017-12-10 14:36:44 +01:00			`<programlisting>`
Added cross-references to NixOS manual 2018-04-05 18:43:56 +10:00			`<xref linkend="opt-networking.firewall.allowedTCPPortRanges"/> = [`
nixos/doc: document the firewall port ranges options 2017-12-10 14:36:44 +01:00			`{ from = 4000; to = 4007; }`
			`{ from = 8000; to = 8010; }`
			`];`
			`</programlisting>`
Revert "nixos/doc: re-format" This reverts commit ea6e8775bd69e4676c623a85c39f1da540d29ad1. The new format is not an improvement. 2019-09-19 19:17:30 +02:00			`Similarly, UDP port ranges can be opened through`
			`<xref linkend="opt-networking.firewall.allowedUDPPortRanges"/>.`
nixos docs: format =) 2018-05-01 19:57:09 -04:00			`</para>`
Chunk NixOS manual [Squashed commits to make git blame etc. more likely to work. -ED] 2014-08-24 19:18:18 +02:00			`</section>`