dev: NixOS 25.11 매뉴얼 로컬 사본 추가

nixpkgs nixos-25.11 브랜치의 nixos/doc/manual/ 디렉토리를 sparse clone으로
가져와 ~/obsidian/dev/nixos-manual/에 복사. _index.md에 구조/갱신 방법 정리.

오프라인 참조 + AI 에이전트 컨텍스트용. sandbox-tokyo 같은 NixOS 노드 운영 시
빠른 참조로 사용.

dev/nixos-manual/configuration/firewall.section.md

@@ -0,0 +1,45 @@
+# Firewall {#sec-firewall}
+
+NixOS has a simple stateful firewall that blocks incoming connections
+and other unexpected packets. The firewall applies to both IPv4 and IPv6
+traffic. It is enabled by default. It can be disabled as follows:
+
+```nix
+{ networking.firewall.enable = false; }
+```
+
+If the firewall is enabled, you can open specific TCP ports to the
+outside world:
+
+```nix
+{
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+}
+```
+
+Note that TCP port 22 (ssh) is opened automatically if the SSH daemon is
+enabled (`services.openssh.enable = true`). UDP ports can be opened through
+[](#opt-networking.firewall.allowedUDPPorts).
+
+To open ranges of TCP ports:
+
+```nix
+{
+  networking.firewall.allowedTCPPortRanges = [
+    {
+      from = 4000;
+      to = 4007;
+    }
+    {
+      from = 8000;
+      to = 8010;
+    }
+  ];
+}
+```
+
+Similarly, UDP port ranges can be opened through
+[](#opt-networking.firewall.allowedUDPPortRanges).