nixos-config/hosts/sup/firewall-services.nix

{ config, lib, pkgs, ... }:

{
  networking.firewall = {
    allowPing = true;
    # allowed TCP range
    allowedTCPPorts = [ 22 80 2342 9001 9002];
  };
  services.fail2ban = {
    enable = true;
    maxretry = 2;
    ignoreIP = [
      "127.0.0.0/8" 
      "212.114.16.52"
    ];
  };
}