From e40341e0b3a287cd5344c8932311363b282cf073 Mon Sep 17 00:00:00 2001
From: Daniel Langbein <daniel@systemli.org>
Date: Wed, 19 Feb 2025 23:04:58 +0100
Subject: [PATCH] docs

---
 modules/snowflake.nix | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/modules/snowflake.nix b/modules/snowflake.nix
index b5b798d..bbda1fe 100644
--- a/modules/snowflake.nix
+++ b/modules/snowflake.nix
@@ -4,12 +4,21 @@
   # Safe to run.
   # https://wiki.nixos.org/w/index.php?title=Tor
   #
-  # Monitoring
-  # - systemctl status snowflake-proxy.service
-  # - https://codeberg.org/privacy1st/snowflake-stats
+  # Monitoring: https://codeberg.org/privacy1st/snowflake-stats
 
   # Enable snowflake-proxy, a system to defeat internet censorship.
   services.snowflake-proxy.enable = true;
   # Maximum concurrent clients allowed.
   services.snowflake-proxy.capacity = 10;
-}
\ No newline at end of file
+
+  # Which inbounds UDP ports to open? https://forum.torproject.org/t/tor-relays-snowflake-incoming-udp-ports/2228/2
+  #
+  # If you have restricted NAT I would recommend you to open the UDP port range of 32768-60999.
+  #
+  # journalctl -u snowflake-proxy.service | grep 'NAT type'
+  # #=> NAT type: restricted
+  #
+#  networking.firewall.allowedUDPPortRanges = [
+#    { from = 32768; to = 60999; }
+#  ];
+}