
Updated system config

Collin J. Doering 2019-09-06 00:58:39 -04:00
parent ed9be42ff1
commit 3b89e0714e


@ -48,7 +48,7 @@
(shell #~(string-append #$zsh "/bin/zsh"))
(home-directory "/home/collin")
(supplementary-groups
'("wheel" "docker" "netdev" "audio" "video")))
'("wheel" "docker" "kvm" "netdev" "audio" "video")))
%base-user-accounts))
(packages
@ -66,6 +66,7 @@
"emacs-guix"
"emacs-exwm"
"graphviz"
"iptables"
"tmux"
"xterm"
"xrandr"
@ -73,4 +74,24 @@
%base-packages))
(services (cons* (service docker-service-type)
(service iptables-service-type
(iptables-configuration
(ipv4-rules (plain-file "iptables.rules" "*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [628:62522]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A TCP -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"))))
%desktop-services)))
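Review bot: The `iptables-configuration` added in the services hunk sets only `ipv4-rules`, so `ipv6-rules` keeps the service default, which in Guix is an accept-all ruleset as far as I know. On a network with IPv6, the default-drop INPUT policy is therefore bypassed for every listening service, not only SSH. I would add an `ipv6-rules` field mirroring the IPv4 policy, as sketched below; it accepts ICMPv6 before any state-based drop because neighbour discovery depends on it, and it needs a further rule for UDP port 546 if the host uses DHCPv6. Separately, `docker-service-type` is still enabled and Docker normally installs its own filter and NAT chains, so it is worth confirming that reloading this ruleset with `:FORWARD DROP` does not remove them and break container networking. The enclosing `operating-system` form starts and ends outside the visible hunks.

```scheme
;; … unchanged: (ipv4-rules (plain-file "iptables.rules" …)) …
(ipv6-rules (plain-file "ip6tables.rules" "*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
"))
```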