Path to the API key to authenticate with a local CrowdSec API

API key to authenticate with a local crowdsec API

Whether to automatically register the bouncer to the locally running crowdsec service

Whether to automatically open firewall ports for crowdsec.

The user to run crowdsec as

Hub collections, parsers, AppSec rules, etc.

Name of the machine when registering it at the central or local api.

The group to run crowdsec as

Whether to enable CrowdSec Firewall Bouncer.

Whether to enable CrowdSec Security Engine.

The crowdsec-firewall-bouncer package to use.

The crowdsec package to use.

URL of the local API.

The configuration for a crowdsec security engine.

Settings for the main CrowdSec Firewall Bouncer

Firewall mode to use.

Set of various configuration attributes

Whether to have the module create the appropriate firewall configuration based on the bouncer settings

Whether to enable if true cscli hub update will be executed daily

Name to register the bouncer as to the CrowdSec API

Whether to enable firewalling for outgoing traffic of the nix daemon.

Whether to allow traffic that is neither TCP nor UDP

Whether to enable the firewall

TCP ports to which traffic is allowed

UDP ports to which traffic is allowed

Additional shell commands executed as part of the firewall initialisation script

If pings are allowed, this allows setting rate limits on them

Additional nftables rules to be appended to the rpfilter-allow chain

Underlying implementation for the firewall service.

The package to use for running the firewall service.

Whether to allow traffic on the loopback interface

Logs dropped packets failing the reverse path filter test if the option networking.firewall.checkReversePath is enabled.

Performs a reverse path filter test on a packet

Extra nftables rules to prepend to the generated ones

Firewall rules for inbound traffic.

Additional nftables rules to be appended to the input-allow chain

Whether to enable Ferm Firewall. Warning: Enabling this service WILL disable the existing NixOS firewall! Default firewall rules provided by packages are not considered at the moment.

Firewall rules for outbound traffic.

Additional shell commands executed as part of the firewall shutdown script

Enable filtering in IP forwarding

Additional nftables rules to be appended to the forward-allow chain

Whether to allow traffic to local networks

Whether to respond to incoming ICMPv4 echo requests ("pings")

List of open UDP ports.

List of TCP ports on which incoming connections are accepted.

List of UDP ports to open in firewall.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.pgbouncer.openFirewall is true.

Additional packages to be included in the environment of the system as well as the path of networking.firewall.extraCommands.

Range of open UDP ports.

A range of TCP ports on which incoming connections are accepted.

List of TCP ports to open in firewall

Specify a filter for iptables to use when services.prometheus.exporters.pgbouncer.openFirewall is true

Interface-specific open ports.

Whether to enable Shorewall IPv4 Firewall.

If set, refused packets are rejected rather than dropped (ignored)

Whether to log all rejected or dropped incoming packets

If networking.firewall.logRefusedPackets and this option are enabled, then only log packets specifically directed at this machine, i.e., not broadcasts or multicasts.

Whether to enable Shorewall IPv6 Firewall.

Whether to auto-load connection-tracking helpers

Traffic coming in from these interfaces will be accepted unconditionally

Whether to open the required firewall ports in the firewall.

Whether to clean up firewall rules when firewalld stops.

List of open UDP ports.

List of TCP ports on which incoming connections are accepted.

Whether to log rejected or dropped incoming connections

Specify rules for nftables to add to the input chain when services.prometheus.exporters.nut.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.lnd.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.sql.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.frr.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.pve.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.zfs.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.kea.openFirewall is true.

firewalld zone configuration files

Range of open UDP ports.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.nats.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.bind.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.ping.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.flow.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.json.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.ipmi.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.bird.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.mail.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.ebpf.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.knot.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.node.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.snmp.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.mqtt.openFirewall is true.

Whether to enable FirewallD.

A range of TCP ports on which incoming connections are accepted.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.php-fpm.openFirewall is true.

Extra arguments to pass to FirewallD.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.nginx.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.redis.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.kafka.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.idrac.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.v2ray.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.jitsi.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.fritz.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.dmarc.openFirewall is true.

Whether to automatically open the specified TCP port in the firewall.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.node-cert.openFirewall is true.

Whether to stop reaction when reloading the firewall

The backend used to setup virtual network firewall rules.

Whether to unload all firewall-related kernel modules when firewalld stops.

Specify a filter for iptables to use when services.prometheus.exporters.sql.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.lnd.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.frr.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.zfs.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.nut.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.kea.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.pve.openFirewall is true

Specify rules for nftables to add to the input chain when services.prometheus.exporters.fastly.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.shelly.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.statsd.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.tibber.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.rspamd.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.chrony.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.pihole.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.script.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.dnssec.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.restic.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.domain.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.deluge.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.mysqld.openFirewall is true.

Specify a filter for iptables to use when services.prometheus.exporters.mqtt.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.json.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.flow.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.mail.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.ebpf.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.nats.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.knot.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.bind.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.bird.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.node.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.ipmi.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.ping.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.snmp.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.php-fpm.openFirewall is true

Specify rules for nftables to add to the input chain when services.prometheus.exporters.nvidia-gpu.openFirewall is true.

The firewalld package to use.

Specify a filter for iptables to use when services.prometheus.exporters.jitsi.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.redis.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.nginx.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.idrac.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.kafka.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.v2ray.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.fritz.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.dmarc.openFirewall is true

Specify rules for nftables to add to the input chain when services.prometheus.exporters.bitcoin.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.dnsmasq.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.unbound.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.apcupsd.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.libvirt.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.varnish.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.postfix.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.sabnzbd.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.ecoflow.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.klipper.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.systemd.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.dovecot.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.mongodb.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.process.openFirewall is true.

Specify a filter for iptables to use when services.prometheus.exporters.node-cert.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.domain.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.chrony.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.statsd.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.tibber.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.mysqld.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.rspamd.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.pihole.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.deluge.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.dnssec.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.restic.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.script.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.fastly.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.shelly.openFirewall is true

Short description for the zone.

Rich rules for the zone.

Ports to allow in the zone.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.py-air-control.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.rtl_433.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.unpoller.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.blackbox.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.influxdb.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.collectd.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.mikrotik.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.fritzbox.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.graphite.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.nginxlog.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.postgres.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.keylight.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.opnsense.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.smartctl.openFirewall is true.

Specify a filter for iptables to use when services.prometheus.exporters.nvidia-gpu.openFirewall is true

Verbatim ferm.conf configuration.

The firewall backend implementation

Specify a filter for iptables to use when services.prometheus.exporters.apcupsd.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.unbound.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.varnish.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.ecoflow.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.bitcoin.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.dnsmasq.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.dovecot.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.libvirt.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.sabnzbd.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.process.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.systemd.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.mongodb.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.klipper.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.postfix.openFirewall is true

firewalld service configuration files

Specify rules for nftables to add to the input chain when services.prometheus.exporters.mailman3.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.imap-mailstat.openFirewall is true.

List of connection-tracking helpers that are auto-loaded

Specify a filter for iptables to use when services.prometheus.exporters.py-air-control.openFirewall is true

Specify rules for nftables to add to the input chain when services.prometheus.exporters.nextcloud.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.surfboard.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.smokeping.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.wireguard.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.rasdaemon.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.borgmatic.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.tailscale.openFirewall is true.

Action for packets that doesn't match any rules.

Specify a filter for iptables to use when services.prometheus.exporters.rtl_433.openFirewall is true

Specify rules for nftables to add to the input chain when services.prometheus.exporters.junos-czerwonk.openFirewall is true.

Whether to use individual -restore calls to apply changes to the firewall

FirewallD config file

Specify a filter for iptables to use when services.prometheus.exporters.keylight.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.fritzbox.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.opnsense.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.smartctl.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.mikrotik.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.influxdb.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.postgres.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.nginxlog.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.unpoller.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.blackbox.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.collectd.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.graphite.openFirewall is true

The UDP port to open in the firewall

Open ports in the firewall for upsd.

Specify a filter for iptables to use when services.prometheus.exporters.imap-mailstat.openFirewall is true

Packages providing firewalld zones and other files

The firewall package used by fail2ban service

Specify a filter for iptables to use when services.prometheus.exporters.mailman3.openFirewall is true

Version of the zone.

Open ports in the firewall for irkerd

Specify rules for nftables to add to the input chain when services.prometheus.exporters.buildkite-agent.openFirewall is true.

ICMP types to block in the zone.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.scaphandre.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.storagebox.openFirewall is true.

Specify a filter for iptables to use when services.prometheus.exporters.smokeping.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.wireguard.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.nextcloud.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.borgmatic.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.surfboard.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.rasdaemon.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.tailscale.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.junos-czerwonk.openFirewall is true

Whether to open firewall ports for Zammad

Path to the directory where firewall rules can be found and will get stored by the NixOS module.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.exportarr-sonarr.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.exportarr-lidarr.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.exportarr-bazarr.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.exportarr-radarr.openFirewall is true.

Ports of the service.

Services to allow in the zone.

Short description for the service.

A MAC address.

Source ports to allow in the zone.

Source addresses, address ranges, MAC addresses or ipsets to bind.

Whether to enable open the peer port(s) in the firewall.

Specify a filter for iptables to use when services.prometheus.exporters.buildkite-agent.openFirewall is true

The k3s server to connect to

Specify a filter for iptables to use when services.prometheus.exporters.scaphandre.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.storagebox.openFirewall is true

Specify rules for nftables to add to the input chain when services.prometheus.exporters.exportarr-readarr.openFirewall is true.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.artifactory.openFirewall is true.

Specify a filter for iptables to use when services.prometheus.exporters.exportarr-radarr.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.exportarr-lidarr.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.exportarr-sonarr.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.exportarr-bazarr.openFirewall is true

Ports to forward in the zone.

An ipset.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.exportarr-prowlarr.openFirewall is true.

Use a fixed port for rpc.statd

Open the firewall port.

If false (the default), this is up to the user to declare the firewall rules

Whether to filter IPv6 traffic with 6to4 destination addresses that correspond to IPv4 addresses that should not be routed over the public internet.

Depending on the local firewall/NAT rules, you might need to force Miredo to use a fixed UDP port and or IPv4 address.

Specify a filter for iptables to use when services.prometheus.exporters.exportarr-readarr.openFirewall is true

Specify a filter for iptables to use when services.prometheus.exporters.artifactory.openFirewall is true

Open listen and RPC ports found in settings.listen-port and settings.rpc-listen-port options in the firewall.

Whether to enable intra-zone forwarding

Port to listen on

Specify rules for nftables to add to the input chain when services.prometheus.exporters.modemmanager.openFirewall is true.

Default zone for connections.

Whether or not to open ports in the firewall for qui.

Version of the service.

Helpers for the service.

Use fixed port for rpc.mountd, useful if server is behind firewall.

Specify a filter for iptables to use when services.prometheus.exporters.exportarr-prowlarr.openFirewall is true

The policy during reload.

Open ports in the firewall for the n8n web interface.

Opens port in firewall for fedimintd's api port

Whether to flush all runtime rules on a reload.

Whether to enable opening of the relay port(s) in the firewall.

Source ports for the service.

Protocols to allow in the zone.

Use a fixed port for the NFS lock manager kernel module (lockd/nlockmgr)

Destination IP address.

Whether to open firewall ports for send

Open ports in the firewall for the media server.

Specify a filter for iptables to use when services.prometheus.exporters.modemmanager.openFirewall is true

Open ports in the firewall for the Ombi web interface.

Whether to open the firewall for the specified RDP port.

Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type.

Open ports in the firewall for the server.

Whether to enable Rygel UPnP Mediaserver

Whether to enable opening of the peer port(s) in the firewall.

Open ports in the firewall for the Ergo node as well as the API.

Services to include for the service.

Open ports in the firewall for the plikd.

Whether to open ports in the firewall.

Open port in firewall for snmpd.

Whether to open the firewall for Apache Tika

Whether to open ports in the firewall for ZNC

Open ports in the firewall for the atuin server.

Whether to enable opening the ports in the firewall.

Whether to open the cook-cli server port in the firewall.

Priority for outbound traffic

Whether to open the firewall for the port in services.flood.port.

Whether to open the firewall for the port in services.komga.settings.server.port.

Whether to open the firewall for the Gatus web interface.

Open ports in the firewall for the Paisa web server.

Open ports in the firewall for the Stash web interface.

Interfaces to bind.

Whether to open ports in the firewall needed for karma to function.

Whether to enable opening of the HTTP and Peer ports in the firewall.

Open ports in the firewall for the ShokoAnime api and web interface.

Whether to enable opening the default ports in the firewall for Samba.

Whether to enable the default ports in the firewall for the WiVRn server.

Open ports in the firewall for nix-serve.

Whether to enable masquerading in the zone.

Open ports in the firewall for LLaMA C++ server.

Extra deletion commands to be run on every firewall start, reload and after stopping the firewall.

Protocols for the service.

Open ports in the firewall for Lidarr

Priority for inbound traffic

Whether to open the firewall for the soulseek network listen port (not the web interface port).

Whether to open the firewall for the specified port.

Whether to open the immich port in the firewall

Open etcd ports in the firewall

Open ports in the firewall for deluge web daemon

Whether to enable opening port in the firewall.

Whether to enable opening up the service ports in the firewall.

Open ports in the firewall for the bazarr web interface.

Whether to open the Porn-Vault port in the firewall.

Open ports in the firewall for the Sonarr web interface

Open ports in the firewall for Nitter web interface.

Open ports in the firewall for the Radarr web interface.

Open ports in the firewall for the redlib web interface

Open ports in the firewall for mpd

Whether to open the UDP port used for multicast peer discovery

Whether to open the firewall for Glance

Whether to open the firewall for ollama

Whether to enable opening ports in the firewall for the Mumble server.

Depending on the local firewall/NAT rules, you might need to force Miredo to use a fixed UDP port and or IPv4 address.

Whether to open the firewall for UDP port 5353

Whether to open firewall on ports 5150/tcp, 5150/udp

Whether to enable Opens the specified port in the firewall. .

An IP address or a network IP address with a mask for IPv4 or IPv6

Description for the zone.

Whether to open firewall ports for OpenArena

Whether to open firewall ports for Teeworlds.

Whether to invert the icmp block handling

Open ports in the firewall for the server.

Open ports in the firewall for the bridge.

Whether to open the firewall for Open-WebUI

Whether to open ports in the firewall for the server

Open ports in the firewall for iperf3.

Content of IfState's initrd cleanup configuration file

Open the ports in the firewall

Open port in firewall for incoming connections.

Whether to open the firewall for llama-swap

Whether to open ports in the firewall.

Open port in the firewall for glances.

Open the ports in the firewall for the server.

Open the configured port in the firewall.

Open ports in the firewall for Readarr

Open the firewall port(s).

Open firewall ports for Druid Broker.

Open firewall ports for Druid Router.

Whether to open the firewall for the specified port.

Opens port range for LiveKit on the firewall.

Whether to open the port in the firewall for MaryTTS.

Whether to enable firewall passthrough for pgadmin4.

Open the appropriate ports in the firewall for owncast.

Whether to open the firewall for the default ports.

Whether to open the firewall for the default ports.

Whether to open the firewall port (default 45876).

Whether to automatically open the necessary ports in the firewall.

Opens TCP port in firewall for fedimintd's Websocket API

Open ports in the firewall for pihole-FTL's DNS server.

Open ports in the firewall for the Autobrr web interface.

Open ports in the firewall for the Jackett web interface.

Whether to enable opening of the identd port in the firewall.

Whether to open ports in the NixOS firewall for Sharkey.

Whether to automatically open the specified ports in the firewall.

Open ports in the firewall for the uMurmur Mumble server.

Open ports in the firewall for the Serviio Media Server.

Open ports in the firewall for the sabnzbd web interface

Open ports in the firewall for the PdfDing web interface.

Whether to open the port specified in listenPort in the firewall.

Open the firewall for TCP and UDP on the specified port.

Whether to open the firewall for the port in services.uptermd.port.

Specifies the default port over which Cassandra will be available for JMX connections

Whether to enable opening the firewall for the TCP and spy ports.

Open ports in the firewall for the server.

Whether to add a counter to every nftables rule.

Whether to open the default ports in the firewall for the ALVR server.

Whether to enable opening the firewall for the port listening for clients.

Whether to open ports in the firewall needed for the daemon to function.

Whether to open the firewall for Orthanc

Whether to open the firewall for LiteLLM

Open firewall ports for HBase rest.

Whether to open the firewall for the specified port.

Open ports in the firewall for the Zabbix Agent.

Open ports in the firewall for the Zabbix Proxy.

Whether to enable opening the firewall for radicle-node.

If enabled, the generated nftables rule set will be owned exclusively by firewalld

Open ports in the firewall for pihole-FTL's DHCP server.

Whether or not to open the minimum required ports on the firewall

Whether to open the firewall for the immich-kiosk port.

Whether to enable firewall passthrough for haste-server.

Whether to open the firewall for the specified port.

IPv4 destination.

IPv6 destination.

Whether to enable opening the specified http(s) ports in the firewall

Open the firewall.

Whether to enable opening the firewall when using a port option.

The list of ports used by coturn for listening to open in the firewall.

Destinations for the service.

Description for the service.

Open the firewall for mycelium

Whether to enable opening the default ports in the firewall for Devpi Server.

Whether to automatically open the specified ports in the firewall.

Whether to open the port in the firewall.

Whether to open ports in the firewall

Open ports in the firewall for Metabase.

Open ports in the firewall for Tautulli.

Specify the bypass parameters for Zapret binary

Open firewall ports for HDFS JournalNode.

If enabled, the generated destination NAT (DNAT) rules will NOT accept traffic that was DNAT'd by other entities, e.g. docker

Open the default ports in the firewall for the server.

Open the appropriate ports in the firewall for spoolman.

Whether to automatically open ports in the firewall.

Whether to enable Opensnitch application firewall.

Open ports in the firewall for the Zabbix Server.

Whether to open ports in the firewall

Whether to enable LDAPS protocol

Whether to enable a Coturn server for Netbird, will also open the firewall on the configured range.

Whether to open the firewall for the port in services.gemstash.bind.

Whether to open a firewall port for the SSH listener.

Whether to open the firewall for the port in services.rtorrent.port.

Open ports in the firewall for the Prowlarr web interface.

Open ports in the firewall for the Whisparr web interface.

Whether to automatically open the specified TCP port in the firewall.

Whether to automatically open the specified UDP port in the firewall.

Whether to enable opening the default ports in the firewall for Scrutiny.

Whether to open a firewall port for the SSH listener.

The port the server should listen on

Open the configured port in the firewall for external ingress traffic

The port the server should listen on

Open firewall ports for HBase thrift.

Open firewall ports for HBase master.

Whether to enable sharing, a CLI tool for sharing files

Whether to open the firewall for TCP ports specified in listenAddresses option.

Whether to open the firewall for the port in services.pingvin-share.frontend.port.

Whether to automatically open the necessary ports in the firewall.

Opens UDP port in firewall for fedimintd's API Iroh endpoint

Whether to enable opening HTTP (TCP) and SSDP (UDP) ports in the firewall.

Whether to open TCP firewall ports, which are specified in services.stalwart.settings.server.listener on all interfaces.

Whether to open ports in the firewall

Whether to open ports in the firewall

Whether to open ports in the firewall

Open firewall ports for Druid Overlord.

Whether to open the firewall for Docling Serve

Whether to automatically open required firewall ports for master service.

Whether to open ports in the firewall for the server.

This may improve forwarded traffic throughput by enabling nftables flowtable

Whether to enable Network Address Translation (NAT)

Open WebRTC ports in the firewall.

Whether to open the port in the firewall.

Open DHT ports in firewall

Open ports in the firewall for OctoPrint.

Open ports in the firewall for the Calibre Server web interface.

Whether to open ports in the firewall for the server.

Open the appropriate ports in the firewall.

Open the appropriate ports in the firewall.

Whether to open the IPP port in the firewall

Whether to open the firewall for the specified port.

Whether to open the TCP port in the firewall

Whether to enable opening TCP ports 80 and 443, and UDP port 51820 in the firewall for the Pangolin service(s).

Whether to open the firewall for the ports in services.deluge.config.listen_ports

Open ports in the firewall for LANraragi's web interface.

Open ports in the firewall for the Pinchflat web interface

Open a port in the firewall for the Overseerr web interface.

Open RTMP port in the firewall.

Open WHIP port in the firewall.

Whether to open TCP firewall ports, which are specified in services.stalwart-mail.settings.server.listener on all interfaces.

Whether to enable allowing blendfarm network access through the firewall.

Whether to automatically open receive port in the firewall.

Whether to automatically open the specified port in the firewall

Open firewall ports for Druid middleManager.

Open firewall ports for HDFS DataNode.

Open firewall ports for HDFS NameNode.

Open firewall ports for cluster communication by default

Opens the port used by the firewall.

Declarative configuration of firewall rules

Mark all wireguard packets originating from this interface with the given firewall mark

Whether to automatically open ports in the firewall.

Whether to open the firewall for the specified port.

Whether to enable Open firewall ports for livekit.

Open ports (67, 69, 4011 UDP and 'port', 'statusPort' TCP) in the firewall for Pixiecore.

Open the default ports in the firewall for the media server

Open firewall ports for HBase regionServer.

Whether to open the firewall for the port in services.suwayomi-server.settings.server.port.

Whether to enable opening the HTTP server port and, if enabled, the HTTPS redirect server port in the firewall. .

Open ports in the firewall for the NZBHydra2 web interface.

Open ports in the firewall for Steam Remote Play.

Whether to run reaction as root

Open the firewall port(s).

Whether to enable Open firewall for the specified port.

Opens TCP port in firewall for built-in UI

Whether to enable opening WebRTC traffic ports in the firewall

Whether to open ports in the firewall for the server.

Whether to open the Linkwarden port in the firewall

Performs reverse path filtering (RPF) on IPv6 packets as per RFC 3704

Whether to automatically open the firewall for scheduler discovery.

Open port in the firewall for the Jellyseerr web interface.

Open ports in the firewall for the LubeLogger web interface.

Whether to automatically open the specified ports in the firewall.

Whether to open the firewall for the port in services.szurubooru.server.port.

Whether to open the firewall for the specified Taskserver port.

Automatically open gossip port in firewall (recommended).

Open ports in the firewall for the Homebridge web interface and service.

Whether to automatically allow VRRP and AH packets in the firewall.

Whether to enable the default ports in the firewall for the WiVRn server.

Opens port in firewall for fedimintd's p2p port (both TCP and UDP)

Whether to open ports in the firewall for the server.

Whether to open ports in the firewall for the server.

Open firewall ports for Druid Historical.

Whether to enable opening of the RPC port in the firewall.

Open the configured port in the firewall

Whether to open the firewall ports for Reposilite

Whether to enable opening UDP ports in the firewall.

Whether to open the firewall for the specified port

Open the port in the firewall

Open ports in the firewall for the TeamSpeak3 server.

Open ports in the firewall for Mirakurun.

Whether to setup firewall routing so that system http(s) traffic is forwarded via this service

Open ports in the firewall for pihole-FTL's webserver, as configured in settings.webserver.port.

Whether to enable opening of the peer port(s) in the firewall.

Whether to enable opening firewall ports for FileBrowser.

Whether to open the necessary port in the firewall for spacecookie.

Opens up firewall port for communication between NetBird peers directly over LAN or public IP, without using (internet-hosted) TURN servers as intermediaries.

Opens up firewall port for communication between NetBird peers directly over LAN or public IP, without using (internet-hosted) TURN servers as intermediaries.

Whether to enable opening both the webuiPort and torrentPort over TCP in the firewall.

Whether to automatically open the daemon port in the firewall.

Whether to enable opening the firewall port 53317 for receiving files.

Open firewall ports for Druid Coordinator.

Which firewall backend to use.

Open ports in the firewall for Homepage.

The address or interface to bind the native transport server to

Open ports in the firewall for the AdGuard Home web interface

Open ports in the firewall for the EPGStation web interface.

Whether to open ports in the firewall for the videobridge.

Open firewall ports for HDFS JournalNode.

Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers and UDP 21027 for discovery

Open port in the firewall.

Open the port in the firewall for FlareSolverr.

Whether to open the required ports in the firewall.

Whether to open the Flannel UDP ports in the firewall on all interfaces.

Whether to automatically open the necessary ports in the firewall.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Whether to automatically open required firewall ports for chunkserver service.

Open the firewall ports corresponding to FoundationDB processes and coordinators using config.networking.firewall.*.

Whether to open the required firewall ports for the Smartphone as Card Reader (SaC) functionality of AusweisApp.

Open firewall ports for nodemanager

Opens up internal firewall ports for the NetBird's network interface.

Opens up internal firewall ports for the NetBird's network interface.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open ports in the firewall for Source Dedicated Server.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open ports in the firewall for the TeamSpeak3 serverquery (administration) system

Whether to open ports in the firewall

Open ports in the firewall for TorrentStream daemon.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

List of addresses and ports to listen on (ListenAddress directive in config)

Whether to enable Open firewall port for taskchampion-sync-server.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Enables distributed pollers for this LibreNMS instance

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open ports in the firewall for the Audiobookshelf web interface.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open ports in the firewall for Steam Local Network Game Transfers.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Whether to enable application firewall.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Open firewall ports for resourcemanager

Opens the bridge port in the firewall.

Open port in firewall for incoming connections.

Open port in firewall for incoming connections.

Whether to enable nftables and use nftables based firewall if enabled. nftables is a Linux-based packet filtering framework intended to replace frameworks like iptables

Open port in firewall for incoming connections.

When using the SLiRP user networking (default), this option allows to forward ports to/from the host/guest.

Open port in firewall for incoming connections.

Whether to open the port in the firewall.

Turn on proxy_arp for this device

This is optional and is by default off, because most users will not need it

This is optional and is by default off, because most users will not need it

Network ports to publish from the container to the outer host