From 3a29e3975e31bc987dfef8e2664a2c237224be0d Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Sun, 6 Oct 2024 10:47:08 +0200 Subject: [PATCH] refine timesyncd rule --- common/tooling/opensnitch/default.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/common/tooling/opensnitch/default.nix b/common/tooling/opensnitch/default.nix index e16c798..dcdae03 100644 --- a/common/tooling/opensnitch/default.nix +++ b/common/tooling/opensnitch/default.nix @@ -284,14 +284,25 @@ in operand = "list"; list = [ { - type ="simple"; + type = "simple"; sensitive = false; operand = "process.path"; data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd"; } { type ="regexp"; operand = "dest.port"; - data = "123|37"; + data = "123|37|53"; + } + { + type = "regexp"; + sensitive = false; + operand = "dest.host"; + data = ".*\.nixos\.pool\.ntp\.org"; + } + { + type = "simple"; + operand = "user.id"; + data = "154"; } ]; };
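Review bot: The new `dest.host` pattern loses its escapes, because inside a Nix double-quoted string `\.` evaluates to a plain `.`, so the generated rule receives `.*.nixos.pool.ntp.org` with every dot matching any character. Neither that pattern nor the `dest.port` one is anchored, so if OpenSnitch applies regexp operands as an unanchored search (worth confirming), a host name that merely contains the pool name, and ports such as 1234 or 5353, would also satisfy the rule. I would write `data = "^.*\\.nixos\\.pool\\.ntp\\.org$";` and `data = "^(123|37|53)$";`. The literal `"154"` for `user.id` deserves a comment naming the account it stands for, presumably the systemd-timesync uid. The enclosing rule definition starts and ends outside this hunk.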