Hi, On 12/11/13 12:36, Domen Kožar wrote:
> To make the question more general: should services by default open needed > firewall ports I would say no, unless the service makes no sense without opening the port. For instance, running sshd without port 22 open doesn't make much sense. OTOH, running a web server without port 80 open has legitimate uses, so (for instance) the Apache httpd module doesn't set a firewall rule. Also, there is currently no way to negate specific definitions of an option of type "list". You can only do something like networking.firewall.allowedUDPPorts = mkForce []; in configuration.nix, but that gets rid of *all* allowed UDP ports. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
