I’ve found the built-in nix firewall to be somewhat lacking (can’t have different ports open on different networks, for instance; I would rather reduce my attack surface while out on other people’s/public WiFi).
Is it possible to use other firewall software on NixOS declaratively?
The NixOS firewall can in fact be configured per interface. https://search.nixos.org/options?channel=23.05&show=networking.firewall.interfaces.<name>.allowedTCPPorts&from=0&size=50&sort=relevance&type=packages&query=Networking.Firewall.Interfaces
Well if that link doesn’t work,
networking.firewall.interfaces.<name>.allowedTCPPorts
It can be configured per interface, but not per access point.
This does actually help, as I can just open ports over Tailscale and exclusively use that for connections, though the ideal is to be able to open ports only when connected to home WiFi.
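The Tailscale-only setup described in the replies above, written out as a NixOS module. This is an added example, not configuration posted by anyone in the thread; the Wi-Fi interface name wlp3s0 and the port numbers are assumptions, and tailscale0 is Tailscale's default interface name.

```nix
# configuration.nix fragment (added example; interface names and ports are assumptions)
{ ... }:
{
  services.tailscale.enable = true;

  services.openssh = {
    enable = true;
    # Defaults to true, which opens port 22 on every interface.
    openFirewall = false;
  };

  networking.firewall = {
    enable = true;

    # The global lists apply to all interfaces, public Wi-Fi included; keep them empty.
    allowedTCPPorts = [ ];
    allowedUDPPorts = [ ];

    # Rules are keyed by interface name, not by SSID: anything listed for
    # the Wi-Fi interface is reachable on every network that interface joins.
    interfaces."wlp3s0" = {          # assumed Wi-Fi interface name
      allowedTCPPorts = [ ];
      allowedUDPPorts = [ ];
    };

    # Services are reachable only over the tailnet.
    interfaces."tailscale0" = {      # Tailscale's default interface name
      allowedTCPPorts = [ 22 8384 ]; # SSH plus an assumed web UI port
    };
  };
}
```

After `nixos-rebuild switch`, a connection attempt from another host on the same Wi-Fi should find 22 and 8384 closed, while both answer on the machine's Tailscale address.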
You want firewalld. Not declarative (probably?), but the only option that can dynamically change firewall rules based on the network you are connected to.
Look into firewalld zones.
You can disable the NixOS firewall, install firewalld (or any other firewall solution) and use that if you want.
OPNsense and pfSense, though they run on FreeBSD.
Also OpenWRT if you want to stay on Linux, but OpenWRT is a nightmare for updating.