Peter Simons writes:

> Hi,
>
> > Running sshd without port 22 open doesn't make much sense.
>
> well, I know at least one person who has a locally running SSH daemon
> for no reason other than being able to use "ssh root@localhost" as a
> fancy replacement for sudo. For that use case, it's not necessary (nor
> desirable) to have the firewall enable access from the outside world.
>
> Personally, I would argue that no service should open up ports in the
> firewall, ever. Only the administrator should do that.

I agree here. It's not transparent enough which ports are opened on the NixOS firewall when you enable a service. Maybe there should be a convention that every service opening ports also declares a 'port' attribute, enabling configurations like:

    networking.firewall.allowedTCPPorts = [ services.sshd.port ];

> Just my 2 cents,
> Peter
>
> _______________________________________________
> nix-dev mailing list
> [email protected]
> http://lists.science.uu.nl/mailman/listinfo/nix-dev

--
Moritz Ulrich
