I’ve found the built-in nix firewall to be somewhat lacking (can’t have different ports open on different networks, for instance; I would rather reduce my attack surface while out on other people’s/public WiFi).

Is it possible to use other firewall software on NixOS declaratively?

  • flashgnash@lemm.ee (OP)
    1 year ago

    It can be configured per interface, but not per access point.

    This does actually help, as I can just open ports over Tailscale and exclusively use that for connections, though the ideal is to be able to open ports only when connected to home WiFi.

    • moonpiedumplings
      1 year ago

      You want firewalld. Not declarative (probably?), but the only option that can dynamically change firewall rules based on the network you are connected to.

      Look into firewalld zones.
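
An added example, not part of any post in this thread: the per-interface approach the OP describes, written as a NixOS configuration fragment that keeps ports closed on every network and opens them only over Tailscale. The port numbers are constructed sample values, and `tailscale0` is assumed to be the Tailscale interface name (its default).

```nix
# configuration.nix fragment (added example; port numbers are constructed)
{ ... }:
{
  services.tailscale.enable = true;

  services.openssh = {
    enable = true;
    # Defaults to true, which would open port 22 on every interface
    # regardless of the firewall lists below.
    openFirewall = false;
  };

  networking.firewall = {
    enable = true;

    # Before: ports listed globally are reachable on every interface,
    # including whatever public WiFi the machine joins.
    # allowedTCPPorts = [ 22 8080 ];
    allowedTCPPorts = [ ];
    allowedUDPPorts = [ ];

    # After: the same ports, reachable only over the Tailscale interface.
    interfaces."tailscale0" = {
      allowedTCPPorts = [ 22 8080 ];
    };
  };
}
```

This scopes rules to an interface, not to a particular WiFi network, so it matches the workaround in the thread and not the per-access-point behaviour the OP is asking for.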