diff options
| author | jeschli <jeschli@gmail.com> | 2019-04-02 19:38:35 +0200 |
|---|---|---|
| committer | jeschli <jeschli@gmail.com> | 2019-04-02 19:38:35 +0200 |
| commit | f8b88080d5bb27e4a6b35b26d6036de40517ba57 (patch) | |
| tree | f8a077997ca889950daa0cb5ec11cc486f420bbe /tv/3modules/iptables.nix | |
| parent | 17712c90772d68f174f579e570fa23a8fa674245 (diff) | |
| parent | 6654f03b09b7b80e3ee6339c92e6172579349744 (diff) | |
:Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'tv/3modules/iptables.nix')
| -rw-r--r-- | tv/3modules/iptables.nix | 59 |
1 files changed, 46 insertions, 13 deletions
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix index 56861dc7..3974760d 100644 --- a/tv/3modules/iptables.nix +++ b/tv/3modules/iptables.nix @@ -9,6 +9,37 @@ let { config = lib.mkIf cfg.enable imp; }; + extraTypes = { + rules = types.submodule { + options = { + nat.OUTPUT = mkOption { + type = with types; listOf str; + default = []; + }; + nat.PREROUTING = mkOption { + type = with types; listOf str; + default = []; + }; + nat.POSTROUTING = mkOption { + type = with types; listOf str; + default = []; + }; + filter.FORWARD = mkOption { + type = with types; listOf str; + default = []; + }; + filter.INPUT = mkOption { + type = with types; listOf str; + default = []; + }; + filter.Retiolum = mkOption { + type = with types; listOf str; + default = []; + }; + }; + }; + }; + api = { enable = mkEnableOption "tv.iptables"; @@ -37,19 +68,19 @@ let { default = []; }; - extra = { - nat.POSTROUTING = mkOption { - type = with types; listOf str; - default = []; - }; - filter.FORWARD = mkOption { - type = with types; listOf str; - default = []; - }; - filter.INPUT = mkOption { - type = with types; listOf str; - default = []; - }; + extra = mkOption { + default = {}; + type = extraTypes.rules; + }; + + extra4 = mkOption { + default = {}; + type = extraTypes.rules; + }; + + extra6 = mkOption { + default = {}; + type = extraTypes.rules; }; }; @@ -112,6 +143,7 @@ let { "-o lo -p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22" ]} ${formatTable cfg.extra.nat} + ${formatTable cfg."extra${toString iptables-version}".nat} COMMIT *filter :INPUT DROP [0:0] @@ -129,6 +161,7 @@ let { ++ ["-i retiolum -j Retiolum"] )} ${formatTable cfg.extra.filter} + ${formatTable cfg."extra${toString iptables-version}".filter} ${concatMapStringsSep "\n" (rule: "-A Retiolum ${rule}") ([] ++ optional (cfg.accept-echo-request == "retiolum") accept-echo-request ++ map accept-tcp (unique (map toString cfg.input-retiolum-accept-tcp)) |