# Inbound ports opened in the host firewall. The attribute names match the
# NixOS `networking.firewall` options, so this set is presumably merged in
# there (NOTE(review): confirm against the importing module).
#
# These lists apply to every interface. If the host has an untrusted or
# WAN-facing interface, per-interface lists under
# `networking.firewall.interfaces.<name>` keep the admin UIs and the DNS
# resolver below off it.
{
  allowedTCPPorts = [
    # syncthing
    # NOTE(review): 8384 is the Syncthing GUI/REST port (22000 is the sync
    # protocol). Opening it only matters if the GUI listens on a non-loopback
    # address; if so, make sure a GUI password and HTTPS are set.
    8384
    22000

    # unifi controller:
    # https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
    # NOTE(review): that reference describes 27117 as the local-bound database
    # port, so it should not need to be reachable from other hosts. Confirm
    # and consider dropping it from this list.
    8080
    8443
    6789
    8880
    8843
    27117

    # pihole web
    8585

    # pihole
    # NOTE(review): DNS should only be reachable from the networks this
    # resolver is meant to serve.
    53

    #8123 # home-assistant
    #3000 # gitea

    # vaultwarden
    # NOTE(review): if 8081 is a plain-HTTP listener, vault traffic crosses
    # the network unencrypted; terminate TLS in front of it.
    8081

    # If we are reverse proxying we should map to a different port than 443
    # or 80. Here we blackhole those ports so that pihole will be more
    # efficient. When pihole "blocks" a site, depending on configuration,
    # what it may really do is return its own IP, so the client then requests
    # the content from this node at whichever port it needs. That is usually
    # 80 or 443 for http and https, so it's better to block these fast than
    # to pass all that traffic to some actual service.
    # NOTE(review): the NixOS firewall drops unlisted ports silently by
    # default, so clients wait for a timeout; `networking.firewall.rejectPackets`
    # makes the refusal immediate if "fast" is meant from the client's side.
    #80 443 # reverse proxy
  ];

  allowedUDPPorts = [
    # syncthing
    22000
    21027

    # unifi
    # NOTE(review): 123 is NTP; an inbound rule is only needed if this host
    # serves time to other devices. Confirm against the UniFi ports reference.
    3478
    5514
    10001
    1900
    123

    # pihole
    53

    #80 443 # reverse proxy
  ];

  allowedUDPPortRanges = [
    # unifi
    {
      from = 5656;
      to = 5699;
    }
  ];
}