nixos: nixos/doc/manual/configuration/firewall.xml to CommonMark

2024-11-20 20:02:14 +03:00 · 2021-07-01 23:13:41 +08:00 · 2021-07-01 23:13:41 +08:00 · 97bfa927fa
commit 97bfa927fa
parent dbd2d379da
4 changed files with 72 additions and 38 deletions
--- a/nixos/doc/manual/configuration/firewall.section.md
+++ b/nixos/doc/manual/configuration/firewall.section.md
@ -0,0 +1,32 @@
+# Firewall {#sec-firewall}
+
+NixOS has a simple stateful firewall that blocks incoming connections
+and other unexpected packets. The firewall applies to both IPv4 and IPv6
+traffic. It is enabled by default. It can be disabled as follows:
+
+```nix
+networking.firewall.enable = false;
+```
+
+If the firewall is enabled, you can open specific TCP ports to the
+outside world:
+
+```nix
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+```
+
+Note that TCP port 22 (ssh) is opened automatically if the SSH daemon is
+enabled (`services.openssh.enable = true`). UDP ports can be opened through
+[`networking.firewall.allowedUDPPorts`](options.html#opt-networking.firewall.allowedUDPPorts).
+
+To open ranges of TCP ports:
+
+```nix
+networking.firewall.allowedTCPPortRanges = [
+  { from = 4000; to = 4007; }
+  { from = 8000; to = 8010; }
+];
+```
+
+Similarly, UDP port ranges can be opened through
+[`networking.firewall.allowedUDPPortRanges`](options.html#opt-networking.firewall.allowedUDPPortRanges).
--- a/nixos/doc/manual/configuration/firewall.xml
+++ b/nixos/doc/manual/configuration/firewall.xml
@ -1,37 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="sec-firewall">
- <title>Firewall</title>
-
- <para>
-  NixOS has a simple stateful firewall that blocks incoming connections and
-  other unexpected packets. The firewall applies to both IPv4 and IPv6 traffic.
-  It is enabled by default. It can be disabled as follows:
-<programlisting>
-<xref linkend="opt-networking.firewall.enable"/> = false;
-</programlisting>
-  If the firewall is enabled, you can open specific TCP ports to the outside
-  world:
-<programlisting>
-<xref linkend="opt-networking.firewall.allowedTCPPorts"/> = [ 80 443 ];
-</programlisting>
-  Note that TCP port 22 (ssh) is opened automatically if the SSH daemon is
-  enabled (<option><xref linkend="opt-services.openssh.enable"/> =
-  true</option>). UDP ports can be opened through
-  <xref linkend="opt-networking.firewall.allowedUDPPorts"/>.
- </para>
-
- <para>
-  To open ranges of TCP ports:
-<programlisting>
-<xref linkend="opt-networking.firewall.allowedTCPPortRanges"/> = [
-  { from = 4000; to = 4007; }
-  { from = 8000; to = 8010; }
-];
-</programlisting>
-  Similarly, UDP port ranges can be opened through
-  <xref linkend="opt-networking.firewall.allowedUDPPortRanges"/>.
- </para>
-</section>
--- a/nixos/doc/manual/configuration/networking.xml
+++ b/nixos/doc/manual/configuration/networking.xml
@ -12,7 +12,7 @@
 <xi:include href="../from_md/configuration/ssh.section.xml" />
 <xi:include href="../from_md/configuration/ipv4-config.section.xml" />
 <xi:include href="../from_md/configuration/ipv6-config.section.xml" />
- <xi:include href="firewall.xml" />
+ <xi:include href="../from_md/configuration/firewall.section.xml" />
 <xi:include href="wireless.xml" />
 <xi:include href="ad-hoc-network-config.xml" />
 <xi:include href="renaming-interfaces.xml" />
--- a/nixos/doc/manual/from_md/configuration/firewall.section.xml
+++ b/nixos/doc/manual/from_md/configuration/firewall.section.xml
@ -0,0 +1,39 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-firewall">
+  <title>Firewall</title>
+  <para>
+    NixOS has a simple stateful firewall that blocks incoming
+    connections and other unexpected packets. The firewall applies to
+    both IPv4 and IPv6 traffic. It is enabled by default. It can be
+    disabled as follows:
+  </para>
+  <programlisting language="bash">
+networking.firewall.enable = false;
+</programlisting>
+  <para>
+    If the firewall is enabled, you can open specific TCP ports to the
+    outside world:
+  </para>
+  <programlisting language="bash">
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+</programlisting>
+  <para>
+    Note that TCP port 22 (ssh) is opened automatically if the SSH
+    daemon is enabled
+    (<literal>services.openssh.enable = true</literal>). UDP ports can
+    be opened through
+    <link xlink:href="options.html#opt-networking.firewall.allowedUDPPorts"><literal>networking.firewall.allowedUDPPorts</literal></link>.
+  </para>
+  <para>
+    To open ranges of TCP ports:
+  </para>
+  <programlisting language="bash">
+networking.firewall.allowedTCPPortRanges = [
+  { from = 4000; to = 4007; }
+  { from = 8000; to = 8010; }
+];
+</programlisting>
+  <para>
+    Similarly, UDP port ranges can be opened through
+    <link xlink:href="options.html#opt-networking.firewall.allowedUDPPortRanges"><literal>networking.firewall.allowedUDPPortRanges</literal></link>.
+  </para>
+</section>