How To Configure Firewall?

Ok, another noobish question here. Sorry for that.

I’m running NixOS on my laptop. I normally connect via my phone hotspot but sometimes, like now, I use local wifi, currently a hotel. I want to learn how to configure my firewall as in the past I’ve always used a GUI tool for that.

How do I determine what ports I need to list as open in configuration.nix? I currently have the firewall disabled in configuration but feel that’s not really a good idea. My uses are basically web browsing, watching Netflix/Hulu/Amazon/Youtube, irc, email, and wireless printing. I think my needs are pretty basic.

Oh I do run some VMs in Virtualbox if that matters.

Any information to point me in the right direction would be appreciated.

2 Likes

OK, I found an online reference for commonly used ports and listed the ones I thought I needed. Firewall is active and I have connectivity so I must have done something right.

I see that Skype requires a range of ports. In my configuration I listed individual ports, 80 8080 etc. Can individual ports and ranges be mixed together on the same line?

Basically have a look at NixOS Search
Note that by default the firewall only blocks incoming connections, so for web browsing, etc. you do not need to allow anything.
Only servers you run on your system need to be explicitly allowed.
Does Skype really require a range of ports? Typically client applications don’t require open ports, but it depends on the exact protocol they use.

A common configuration for a desktop or laptop is to just enable the firewall and to not open any ports at all.

If you’re running a webserver, mailserver, etc. then you may have to explicitly allow the relevant ports.

2 Likes
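An added example, not part of the original posts: a `configuration.nix` fragment showing the laptop setup described above (firewall on, nothing opened) and how single ports and port ranges are declared if a service is added later. The port numbers in the commented lines are constructed placeholders, not values recommended for Skype or any other application.

```nix
# configuration.nix fragment (added example; port numbers are constructed)
{ ... }:
{
  networking.firewall = {
    # Filter incoming connections. Outgoing traffic (browsing, streaming,
    # IRC, mail clients, printing to a network printer) is not blocked.
    enable = true;

    # Laptop with no servers: open nothing.
    allowedTCPPorts = [ ];
    allowedUDPPorts = [ ];

    # Only if a service is run on this machine later:
    # single ports are a list of integers ...
    # allowedTCPPorts = [ 80 8080 ];
    #
    # ... while ranges are not mixed into that list; they go in their
    # own options as { from; to; } attribute sets.
    # allowedTCPPortRanges = [ { from = 5000; to = 5010; } ];
    # allowedUDPPortRanges = [ { from = 5000; to = 5010; } ];
  };
}
```

After editing, `sudo nixos-rebuild switch` applies the change.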

Oh, ok, great. I’m not running any servers, just a laptop as a personal computer, so I guess I’ll remove the ports I listed and see how it goes.

Thanks!

tokudan: thanks for that, I put the firewall setting back to default and everything seems just fine. I guess I was concerned about it without needing to be. I had assumed one had to set firewall rules like I was used to doing in Slackware.