hyperreal/techne
1
0
Fork 0
mirror of https://codeberg.org/hyperreal/techne synced 2024-11-01 14:23:06 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
b4ff8fb0c2
techne/firewalld.org

30 lines
854 B
Org Mode
Raw Normal View History

Push content
2024-09-21 04:17:26 +02:00
#+title: Firewalld
#+setupfile: ../org-templates/page.org
Edit firewall.org, freebsd.org
2024-09-24 04:23:08 +02:00
** Allow connections only from tailnet
Push content
2024-09-21 04:17:26 +02:00
Edit firewall.org, freebsd.org
2024-09-24 04:23:08 +02:00
Create a new zone for the ~tailscale0~ interface.
Push content
2024-09-21 04:17:26 +02:00
Edit firewall.org, freebsd.org
2024-09-24 04:23:08 +02:00
#+BEGIN_SRC shell
sudo firewall-cmd --permanent --new-zone=tailnet
sudo firewall-cmd --permanent --zone=tailnet --add-interface=tailscale0
Push content
2024-09-21 04:17:26 +02:00
sudo firewall-cmd --reload
Edit firewall.org, freebsd.org
2024-09-24 04:23:08 +02:00
#+END_SRC
Add services and ports to the ~tailnet~ zone.
Push content
2024-09-21 04:17:26 +02:00
Edit firewall.org, freebsd.org
2024-09-24 04:23:08 +02:00
#+BEGIN_SRC shell
sudo firewall-cmd --permanent --zone=tailnet --add-service={http,https,ssh}
sudo firewall-cmd --permanent --zone=tailnet --add-port=9100/tcp
Push content
2024-09-21 04:17:26 +02:00
sudo firewall-cmd --reload
Edit firewall.org, freebsd.org
2024-09-24 04:23:08 +02:00
#+END_SRC
Ensure the ~public~ zone does not have any interfaces or sources.
#+BEGIN_SRC shell
sudo firewall-cmd --permanent --zone=public --remove-interface=eth0
Push content
2024-09-21 04:17:26 +02:00
sudo firewall-cmd --reload
Edit firewall.org, freebsd.org
2024-09-24 04:23:08 +02:00
#+END_SRC
The firewall should now only allow traffic coming from the tailnet interface, ~tailscale0~.
Reference in New Issue Copy Permalink