diff --git a/common/tooling/opensnitch/default.nix b/common/tooling/opensnitch/default.nix index 72dbf55..f0292b6 100644 --- a/common/tooling/opensnitch/default.nix +++ b/common/tooling/opensnitch/default.nix @@ -26,6 +26,8 @@ let local_network = [ "192.168.0.0/16" "10.0.0.0/8" "172.16.0.0/12" "fc00::/7" ]; local_ips = pkgs.writeTextDir "local_ips.list" (concatLines local_network); + + created = "1970-01-01T00:00:00.0+00:00"; in { config = mkIf (enable && tooling.enable && network) { @@ -57,6 +59,7 @@ in enabled = true; action = "allow"; duration = "always"; + inherit created; operator = { type ="simple"; sensitive = false; @@ -70,6 +73,7 @@ in action = "deny"; enabled = true; duration = "always"; + inherit created; operator = { type = "lists"; operand = "lists.domains"; @@ -82,6 +86,7 @@ in enabled = true; action = "allow"; duration = "always"; + inherit created; operator = { type = "list"; operand = "list"; @@ -117,6 +122,7 @@ in action = "allow"; duration = "always"; precedence = true; + inherit created; operator = { type ="regexp"; sensitive = false; @@ -131,6 +137,7 @@ in action = "deny"; precedence = false; duration = "always"; + inherit created; operator = { type ="simple"; sensitive = false; @@ -145,6 +152,7 @@ in action = "deny"; precedence = false; duration = "always"; + inherit created; operator = { type ="regexp"; sensitive = false; @@ -159,6 +167,7 @@ in action = "allow"; precedence = true; duration = "always"; + inherit created; operator = { type = "list"; operand = "list"; @@ -189,6 +198,7 @@ in enabled = true; action = "allow"; duration = "always"; + inherit created; operator = { type = "list"; operand = "list"; @@ -219,6 +229,7 @@ in action = "allow"; duration = "always"; precedence = true; + inherit created; operator = { type = "list"; operand = "list"; @@ -250,6 +261,7 @@ in action = "allow"; duration = "always"; precedence = true; + inherit created; operator = { type = "list"; operand = "list"; 
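Review bot: The `created` binding added in the `@@ -26,6 +26,8 @@` hunk is a bare Unix-epoch literal with no comment saying why every rule gets the same timestamp. That leaves a reader of the generated rules unable to tell a deliberate placeholder from a missing value, and it makes the field useless for judging a rule's age during an audit. A one-line comment above it would cover this, for example `# Fixed placeholder: rules are generated from this file, so "created" carries no audit meaning` (the actual reason is not visible here and should be confirmed). The same applies to each `inherit created;` hunk that follows; the `let` block starts outside the hunk.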
@@ -275,6 +287,7 @@ in
 action = "deny";
 precedence = false;
 duration = "always";
+ inherit created;
 operator = {
 type ="regexp";
 sensitive = false;
@@ -289,6 +302,7 @@ in
 action = "allow";
 precedence = true;
 duration = "always";
+ inherit created;
 operator = {
 type = "list";
 operand = "list";
@@ -314,6 +328,7 @@ in
 action = "deny";
 precedence = false;
 duration = "always";
+ inherit created;
 operator = {
 type ="regexp";
 sensitive = false;
@@ -329,6 +344,7 @@ in
 action = "allow";
 precedence = true;
 duration = "always";
+ inherit created;
 operator = {
 type = "list";
 operand = "list";
@@ -355,6 +371,7 @@ in
 enabled = true;
 action = "allow";
 duration = "always";
+ inherit created;
 operator = {
 type = "list";
 operand = "list";
@@ -384,6 +401,7 @@ in
 enabled = true;
 action = "allow";
 duration = "always";
+ inherit created;
 operator = {
 type ="regexp";
 operand = "protocol";
@@ -397,6 +415,7 @@ in
 enabled = true;
 action = "allow";
 duration = "always";
+ inherit created;
 operator = {
 type = "list";
 operand = "list";
@@ -426,6 +445,7 @@ in
 enabled = true;
 action = "allow";
 duration = "always";
+ inherit created;
 operator = {
 type = "list";
 operand = "list";
@@ -439,7 +459,7 @@ in
 {
 type ="regexp";
 operand = "dest.port";
- data = "53|631";
+ data = "53|631|80";
 }
 {
 type = "lists";
@@ -455,6 +475,7 @@ in
 enabled = true;
 action = "allow";
 duration = "always";
+ inherit created;
 operator = {
 type = "list";
 operand = "list";
@@ -489,6 +510,7 @@ in
 enabled = true;
 action = "allow";
 duration = "always";
+ inherit created;
 operator = {
 type = "list";
 operand = "list";
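Review bot: In the `@@ -439,7 +459,7 @@` hunk the new `data = "53|631|80";` is an unanchored alternation on `dest.port`, in what appears to be the allow rule from the preceding hunk. If the daemon applies the pattern as a substring match, it would also accept ports such as 8080, 5353 or 1631; that is worth confirming and, if so, anchoring with `data = "^(53|631|80)$";`. Adding 80 also widens the rule to cleartext HTTP, and the change sits among otherwise mechanical `inherit created;` additions, so a short comment saying which traffic needs it would help later audits. The rule starts and ends outside the hunk, so the `lists` operand that follows may already constrain the destinations.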