From 083a7cbb9623c90468c887203bf95adc5f2e3201 Mon Sep 17 00:00:00 2001
From: ene <ene@sils.li>
Date: Sun, 19 Mar 2023 17:43:26 +0100
Subject: Fix(system/mail): Only accept connections on safe ports

It is sort of standard to ignore connections over the unencrypted port
25, thus we are doing the same.
---
 system/services/firewall/default.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 system/services/firewall/default.nix

(limited to 'system/services/firewall/default.nix')

diff --git a/system/services/firewall/default.nix b/system/services/firewall/default.nix
new file mode 100644
index 0000000..23dbcc4
--- /dev/null
+++ b/system/services/firewall/default.nix
@@ -0,0 +1,11 @@
+# vim: ts=2
+{...}: {
+  networking.firewall = {
+    allowedTCPPorts = [
+      # for mail protocols:
+      465 # SMTP SSL
+      995 # POP3 SSL
+      993 # IMAP SSL
+    ];
+  };
+}
-- 
cgit 1.4.1