services.opensnitch.rules

Declarative configuration of firewall rules. All rules will be stored in /var/lib/opensnitch/rules by default. Rules path can be configured with settings.Rules.Path. See upstream documentation for available options.

Type

open submodule of (JSON value)

Default

{ }

Example

{
  "tor" = {
    "name" = "tor";
    "enabled" = true;
    "action" = "allow";
    "duration" = "always";
    "operator" = {
      "type" ="simple";
      "sensitive" = false;
      "operand" = "process.path";
      "data" = "${lib.getBin pkgs.tor}/bin/tor";
    };
  };
};

Declared

<nixpkgs/nixos/modules/services/security/opensnitch.nix>