[Nix-dev] Enabling CUPS unconditionally allows UDP/631 on the firewall
Eelco Dolstra
eelco.dolstra at logicblox.com
Tue Nov 12 15:26:12 CET 2013
Hi,
On 12/11/13 12:36, Domen Kožar wrote:
> To make the question more general: should services by default open needed
> firewall ports
I would say no, unless the service makes no sense without opening the port. For
instance, running sshd without port 22 open doesn't make much sense. OTOH,
running a web server without port 80 open has legitimate uses, so (for instance)
the Apache httpd module doesn't set a firewall rule.
Also, there is currently no way to negate specific definitions of an option of
type "list". You can only do something like
    networking.firewall.allowedUDPPorts = mkForce [];
in configuration.nix, but that gets rid of *all* allowed UDP ports.
--
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
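
The merge behaviour described in the message above, as an added example that is not part of the original post or of NixOS itself. It assumes a current nixpkgs on NIX_PATH; the three modules are minimal stand-ins, and port 5353 is a constructed sample value.

```nix
# Evaluate with: nix-instantiate --eval --strict example.nix
let
  lib = import <nixpkgs/lib>;

  # Hypothetical minimal declaration standing in for the real firewall option.
  firewallModule = {
    options.networking.firewall.allowedUDPPorts = lib.mkOption {
      type = lib.types.listOf lib.types.int;
      default = [ ];
    };
  };

  # Stand-in for a service module that opens its own port when enabled,
  # as the CUPS module in this thread does with UDP/631.
  printingModule = {
    config.networking.firewall.allowedUDPPorts = [ 631 ];
  };

  # Stand-in for the administrator's configuration.nix (constructed port).
  userModule = {
    config.networking.firewall.allowedUDPPorts = [ 5353 ];
  };

  # Evaluate the three modules plus any extra override modules and
  # return the final merged port list.
  portsWith = extra:
    (lib.evalModules {
      modules = [ firewallModule printingModule userModule ] ++ extra;
    }).config.networking.firewall.allowedUDPPorts;

  override = value: {
    config.networking.firewall.allowedUDPPorts = lib.mkForce value;
  };
in
{
  # Plain definitions of a list option are concatenated, so the port
  # opened by the service module ends up next to the administrator's.
  merged = portsWith [ ];

  # mkForce wins over every normal-priority definition, so an empty
  # forced list also discards the administrator's own port.
  forcedEmpty = portsWith [ (override [ ]) ];

  # Closing only the service's port means forcing the complete list of
  # ports that should stay open.
  forcedExplicit = portsWith [ (override [ 5353 ]) ];
}
```

Comparing `merged` with the forced results shows which ports a service module added on its own.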