How does it work about NixOS's default iptables?

Ezreal · February 25, 2020, 10:33am

I installed NixOS on my personal Computer.
Its a 19.09.1977.1dadefec574 (Loris).

then, I realized that NixOS’s default iptables is a little weird.

Chain nixos-fw (1 references)
target     prot opt source               destination
nixos-fw-accept  all  --  0.0.0.0/0            0.0.0.0/0
nixos-fw-accept  all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
nixos-fw-accept  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
nixos-fw-accept  icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
nixos-fw-log-refuse  all  --  0.0.0.0/0            0.0.0.0/0

Chain nixos-fw-accept (4 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Above is default iptables.

The Chain of nixos-fw-accept allows every traffics, but actually, It did not allow any traffics except ssh and icmp.

Could you tell me the reason why I could not use any traffics except ssh and icmp…

tokudan · February 25, 2020, 11:06am

You didn’t show all details of the rules. Try
# iptables -vnL
The first line in nixos-fw is probably limited to the interface lo.

Ezreal · February 25, 2020, 11:24am

Thank you very much !!
I did not notice at all.

Chain nixos-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
 466K  134M nixos-fw-accept  all  --  lo     *       0.0.0.0/0            0.0.0.0/0

you are right !!